Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1540232
MD5: 2e25791fd09060fec2d4650c9872056b
SHA1: fb478cf8b83a4c59c8387705eab080e890d45aa9
SHA256: 5e710e7f5f14a4e4fbc0b8a2d2845742f3272b38437d7789e53327ec34e7bd25
Tags: exe, x64, user-jstrosch
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Found pyInstaller with non standard icon
Potentially malicious time measurement code found
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 1364 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2E25791FD09060FEC2D4650C9872056B)
    • conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • file.exe (PID: 5632 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2E25791FD09060FEC2D4650C9872056B)
      • selenium-manager.exe (PID: 5760 cmdline: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --output json MD5: B97E5ECDFD825A3A31183927E23E0199)
        • cmd.exe (PID: 2488 cmdline: "cmd" /v/c "wmic os get osarchitecture" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • WMIC.exe (PID: 2680 cmdline: wmic os get osarchitecture MD5: E2DE6500DE1148C7F6027AD50AC8B891)
        • cmd.exe (PID: 5980 cmdline: "cmd" /v/c "set PFILES=%PROGRAMFILES: (x86)=%&& wmic datafile where name='!PFILES:\=\\!\\Google\\Chrome\\Application\\chrome.exe' get Version /value" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • WMIC.exe (PID: 3560 cmdline: wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value MD5: E2DE6500DE1148C7F6027AD50AC8B891)
        • cmd.exe (PID: 7120 cmdline: "cmd" /v/c "chromedriver --version" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 1512 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • chromedriver.exe (PID: 5588 cmdline: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe --port=49712 MD5: 11DA4A5176071F39DE7F81464E4B40BD)
        • chrome.exe (PID: 2168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:, MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 2716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" --enable-logging --log-level=0 --mojo-platform-channel-handle=2084 --field-trial-handle=2036,i,13163750102934017534,8503344207815821219,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:,, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:,, CommandLine|base64offset|contains: >r, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe --port=49712, ParentImage: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe, ParentProcessId: 5588, ParentProcessName: chromedriver.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:,, ProcessId: 2168, ProcessName: chrome.exe
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.1% probability
Source: file.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: file.exe, 00000003.00000002.2501994483.00007FFDA344D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503290715.00007FFDA4168000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: wkernel32.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C2D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420878035.0000000005C22000.00000004.00000020.00020000.00000000.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb( source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C22000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000003.00000002.2499298256.00007FFD9413E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BD8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502514717.00007FFDA3C0B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: file.exe, 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503742329.00007FFDA4633000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: file.exe, 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: file.exe, 00000003.00000002.2499298256.00007FFD9413E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2498012770.00007FFD93EDB000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.2153887963.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504326644.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\Desktop\symbols\exe\chromedriver.exe.pdb(z source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: file.exe, 00000003.00000002.2499298256.00007FFD941C0000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\wntdll.pdb\* source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\Desktop\symbols\exe\chromedriver.exe.pdb} source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdbP>`>p> source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503107994.00007FFDA3FD2000.00000002.00000001.01000000.00000010.sdmp, _uuid.pyd.0.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502514717.00007FFDA3C0B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: wkernel32.pdb( source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C2D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_elementtree.pdb source: file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502312754.00007FFDA3AF4000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504085065.00007FFDA4DA6000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: file.exe, 00000003.00000002.2500410089.00007FFD9456E000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504564535.00007FFDA5493000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: file.exe, 00000003.00000002.2501320240.00007FFDA3372000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: \??\C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\symbols\exe\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BD8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502911921.00007FFDA3C2D000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDA6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6DCDA6878
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD969E0 FindFirstFileExW,FindClose,0_2_00007FF6DCD969E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDB0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6DCDB0A34
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCDA6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,3_2_00007FF6DCDA6878
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCDB0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6DCDB0A34
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCD969E0 FindFirstFileExW,FindClose,3_2_00007FF6DCD969E0
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,3_2_00007FFD93EF3229
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00AE72E0 CloseHandle,FindFirstFileW,FindClose,6_2_00AE72E0
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: %s:%d%s:%i.google.com.youtube.com.gmail.com.doubleclick.net.gstatic.com.googlevideo.com.googleusercontent.com.googlesyndication.com.google-analytics.com.googleadservices.com.googleapis.com.ytimg.comgoogle.comwww.google.com.localhostTHROTTLEDIDLELOWESTHIGHESTUNKNOWN_PRIORITYd equals www.youtube.com (Youtube)
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://.css
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://.jpg
Source: file.exe, 00000003.00000002.2495655907.0000016202E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: file.exe, 00000003.00000002.2495655907.0000016202E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:02
Source: file.exe, 00000003.00000002.2495655907.0000016202E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:4444
Source: file.exe, 00000003.00000003.2486931212.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494012998.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485726774.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489818775.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489474598.0000016200EEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:4444/wd/hub
Source: file.exe, 00000003.00000003.2487276638.00000162002CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486143581.00000162002C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483585455.00000162002C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486169171.00000162002C6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483934837.00000162002C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.0.0.1:4444/wd/hub
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://certificates.godaddy.com/repository100.
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://clients3.google.com/cert_upload_json
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://clients3.google.com/cert_upload_jsonp
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-20
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAss
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssj
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl0
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: file.exe, 00000003.00000003.2481987550.0000016200DDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200DEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485093660.0000016200DF0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183614526.0000016200DD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484427473.0000016200DEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539#
Source: file.exe, 00000000.00000003.2160747528.000001EBAD45D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://github.com/GoogleChromeLabs/chromium-bidi
Source: selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/releases/H
Source: file.exe, 00000003.00000002.2494012998.0000016200EEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486931212.0000016200ECF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485552323.0000016200EEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilities
Source: file.exe, 00000003.00000002.2495103910.0000016202990000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver
Source: file.exe, 00000003.00000002.2494885102.0000016200FF0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000003.00000002.2495103910.0000016202990000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol
Source: file.exe, 00000003.00000002.2494012998.0000016200EEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486931212.0000016200ECF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485552323.0000016200EEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol.
Source: file.exe, 00000003.00000003.2487924372.0000016200231000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200A60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487535305.0000016200A73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489760436.0000016200237000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489098306.0000016200232000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487562631.000001620022E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2491791632.000001620023B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: selenium-manager.exe, selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://github.com/clap-rs/clap/issuesC:
Source: selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://github.com/mozilla/geckodriver/releases/
Source: file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2492499829.0000016200358000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: file.exe, 00000003.00000003.2487924372.0000016200231000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200A60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487535305.0000016200A73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489760436.0000016200237000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489098306.0000016200232000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489372049.0000016200A75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487562631.000001620022E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2491791632.000001620023B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: file.exe, 00000003.00000003.2487924372.0000016200231000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200A60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487535305.0000016200A73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489760436.0000016200237000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489098306.0000016200232000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489372049.0000016200A75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487562631.000001620022E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2491791632.000001620023B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: file.exe, 00000003.00000003.2481987550.0000016200DDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200DEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485093660.0000016200DF0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183614526.0000016200DD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484427473.0000016200DEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: file.exe, 00000003.00000003.2484712447.0000016200ABD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485782870.0000016200AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485349770.0000016200AD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481765348.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484747804.0000016200AC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487834894.0000016200ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183385762.0000016202A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484214712.0000016200A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: file.exe, 00000003.00000002.2494885102.0000016200FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: file.exe, 00000000.00000003.2160747528.000001EBAD45D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ziglang/zig-bootstrap
Source: file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: file.exe, 00000003.00000003.2483849862.0000016200D2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486007108.0000016200D36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485026968.0000016200D2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487066064.0000016200D36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485412170.0000016200D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: file.exe, 00000003.00000003.2490247092.0000016200265000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: file.exe, 00000003.00000003.2183416308.0000016200ECE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489474598.0000016200EC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489563488.0000016200A63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485552323.0000016200EEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180694535.0000016200A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://msedgedriver.azureedge.net/
Source: selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://msedgedriver.azureedge.net/W
Source: selenium-manager.exe, selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://myproxy.net:8080)TIMEOUTTimeout
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://nextdns.io/privacy
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://odvr.nic.cz/doh
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/RosBankNew/USDT?fiat=RUB
Source: file.exe, 00000003.00000003.2484712447.0000016200ABD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485782870.0000016200AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485349770.0000016200AD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2182318031.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2491124044.0000016200ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481765348.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484747804.0000016200AC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487834894.0000016200ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493288358.0000016200ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484214712.0000016200A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/TinkoffNew/USDT?fiat=RUB
Source: file.exe, 00000003.00000002.2493418027.0000016200BF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/sell/USDT?fiat=RUB&payment=RosBankNew
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/sell/USDT?fiat=RUB&payment=TinkoffNew&asset=USDT
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/sell/USDT?fiat=RUB&payment=TinkoffNew&asset=USDTd
Source: file.exe, 00000003.00000003.2484712447.0000016200ABD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485782870.0000016200AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485349770.0000016200AD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2182318031.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2491124044.0000016200ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481765348.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484747804.0000016200AC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487834894.0000016200ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493288358.0000016200ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484214712.0000016200A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://p2p.binance.com/ru/trade/sell/USDT?fiat=RUB&payment=TinkoffNew&asset=USDTz9https://p2p.binan
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://public.dns.iij.jp/
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://public.dns.iij.jp/IIJ
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: file.exe, 00000003.00000002.2500410089.00007FFD9456E000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://raw.githubusercontent.com/SeleniumHQ/selenium/trunk/common/mirror/seleniumsafarisafaridriver
Source: file.exe, 00000003.00000003.2487660567.0000016200260000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183416308.0000016200ECE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2490247092.0000016200261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487440877.000001620025B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486418694.000001620025A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2492977493.0000016200A63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489563488.0000016200A63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: file.exe, 00000003.00000003.2483741955.0000016200D41000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2490386947.0000016200D5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493760589.0000016200D5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487066064.0000016200D45000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485940670.0000016200D43000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487688784.0000016200D5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483243116.0000016200D3D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489127267.0000016200D5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494998397.00000162010F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: file.exe, 00000003.00000002.2494998397.00000162010F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyb
Source: file.exe, 00000003.00000002.2494885102.0000016200FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: file.exe, 00000003.00000002.2494885102.0000016200FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsu
Source: file.exe, 00000003.00000003.2489007579.0000016202AF4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486387295.0000016202AF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486253588.0000016202AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webauthn/#credential-parameters.
Source: file.exe, 00000003.00000002.2492499829.0000016200358000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-browser-version.
Source: file.exe, 00000003.00000002.2492499829.00000162002D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-insecure-tls-
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-platform-name.
Source: file.exe, 00000003.00000002.2492499829.00000162002D0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000003.00000002.2492499829.0000016200358000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies.
Source: file.exe, 00000003.00000002.2492499829.00000162002D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#timeouts.
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155913758.000001EBAD465000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157589883.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2158705143.000001EBAD467000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://www.nic.cz/odvr/
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp, file.exe, 00000003.00000002.2499585890.00007FFD94237000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.openssl.org/H
Source: file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485552323.0000016200EEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180694535.0000016200A32000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
Source: file.exe, 00000000.00000003.2159853967.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: file.exe, 00000003.00000002.2492499829.00000162002D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://www.quad9.net/home/privacy/
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://www.quad9.net/home/privacy/Quad9
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.selenium.dev/documentation/webdriver/troubleshooting/errors
Source: file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.selenium.dev/documentation/webdriver/troubleshooting/errors0
Source: file.exe, 00000003.00000002.2495103910.0000016202990000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.selenium.dev/downloads/
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: file.exe, 00000003.00000003.2483849862.0000016200D2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486007108.0000016200D36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485026968.0000016200D2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487066064.0000016200D36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485412170.0000016200D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00ADE2A0 NtWriteFile,NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,6_2_00ADE2A0
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00AE45D0 NtReadFile,NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,GetModuleHandleA,GetProcAddress,6_2_00AE45D0
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00AF9BA0 GetFileInformationByHandleEx,NtCreateFile,NtCreateFile,RtlNtStatusToDosError,6_2_00AF9BA0
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00A152F8 NtCancelIoFileEx,RtlNtStatusToDosError,6_2_00A152F8
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Preferences
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Local State
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\First Run
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe File created: C:\Windows\SystemTemp\scoped_dir5588_142547898
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Crashpad\settings.dat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\chrome_debug.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\BrowserMetrics
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\BrowserMetrics\BrowserMetrics-6718FB28-878.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Variations
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\e1a8b6e0-70cb-49a2-adb2-7001ac8236cc.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Local State~RF3a672.TMP
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\lockfile
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Last Version
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\History
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\OptimizationGuidePredictionModels
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\History-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Favicons
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Favicons-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\491efee3-0538-4323-bcde-70682a4c0db8.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sessions
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Web Data
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Web Data-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\NetworkDataMigrated
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\RecoveryImproved
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\MediaFoundationWidevineCdm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\MediaFoundationWidevineCdm\x64
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\WidevineCdm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\pnacl
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Subresource Filter
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Subresource Filter\Unindexed Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\OnDeviceHeadSuggestModel
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\OptimizationHints
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\TrustTokenKeyCommitments
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\SSLErrorAssistant
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\FileTypePolicies
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\CertificateRevocation
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\OriginTrials
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\MEIPreload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ThirdPartyModuleList64
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\PKIMetadata
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\SafetyTips
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Crowd Deny
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\hyphen-data
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ZxcvbnData
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\AutofillStates
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ClientSidePhishing
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\commerce_subscription_db
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\commerce_subscription_db\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\commerce_subscription_db\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Affiliation Database
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Affiliation Database-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Login Data For Account
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Login Data For Account-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Top Sites
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Login Data
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Login Data-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Top Sites-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\wasm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\wasm\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\js\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\wasm\index-dir
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\wasm\index-dir\temp-index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\ShaderCache\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\DevToolsActivePort
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\js\index-dir
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\GPUCache\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Code Cache\js\index-dir\temp-index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Visited Links
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\DawnCache\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb\000001.dbtmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage\000003.log
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GrShaderCache\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\coupon_db
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\coupon_db\LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\coupon_db\LOCK
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\GraphiteDawnCache\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Trust Tokens
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Trust Tokens-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Cookies
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Cookies-journal
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data\index
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data\data_0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data\data_1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data\data_2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Cache\Cache_Data\data_3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\f80e5f49-dde9-4727-88b2-7a2e069f26ee.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\8f1f3396-203a-4db9-bd11-316da6732c0a.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\SCT Auditing Pending Reports~RF3aa89.TMP
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Reporting and NEL
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Network\Reporting and NEL-journalJump to behavior
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeFile deleted: C:\Windows\SystemTemp\scoped_dir5588_142547898Jump to behavior
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: file.exe, 00000000.00000003.2156840221.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000000.00000003.2154267284.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2157067174.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2158866407.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2153887963.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2155449212.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000003.00000002.2503448043.00007FFDA4172000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2502183974.00007FFDA3465000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2504653416.00007FFDA5496000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000003.00000003.2179864050.00000162002C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs file.exe
Source: file.exe, 00000003.00000002.2504418735.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000003.00000002.2502991123.00007FFDA3C32000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2502383056.00007FFDA3AFD000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_elementtree.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2501175307.00007FFD94687000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs file.exe
Source: file.exe, 00000003.00000002.2503912719.00007FFDA4636000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs file.exe
Source: file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs file.exe
Source: file.exe, 00000003.00000002.2503187582.00007FFDA3FD4000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2504172934.00007FFDA4DAD000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs file.exe
Source: file.exe, 00000003.00000002.2498541001.00007FFD93EE1000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2499585890.00007FFD94237000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs file.exe
Source: file.exe, 00000003.00000002.2501409560.00007FFDA337D000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000003.00000002.2502793528.00007FFDA3C14000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs file.exe
Source: classification engineClassification label: mal52.evad.winEXE@29/138@0/2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF6DCD96670 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6DCD96670
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeFile created: C:\Users\user\.cache
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_03
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642
Source: selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpMemory string: rustls::msgs::handshake
Source: selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpMemory string: rustls::msgs::handshakeT
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Affiliation Database.15.drBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Login Data For Account.15.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: selenium-manager.exeString found in binary or memory: {before-help}{about-with-newline} {usage-heading} {usage} {all-args}{after-help}{before-help}{about-with-newline} {usage-heading} {usage}{after-help}binauthorauthor-with-newlineauthor-sectionaboutabout-with-newlineabout-sectionusage-headingUsage:usageall-args
Source: selenium-manager.exeString found in binary or memory: usageall-argsoptionspositionalssubcommandstabafter-helpbefore-help{n}CommandsArguments:Options: Possible values:Only called with possible valueC:\Users\runneradmin\.cargo\registry\src\github.com-1285ae84e5963aae\clap-4.1.11\src\output\help_template.rs
Source: selenium-manager.exeString found in binary or memory: unexpected argument '' founda value is required for '' but none was supplied[possible values: were provided was provided --help For more information, try ''. exist exists' existsinvalid UTF-8 was detected in one or more argumentsa subcommand is required bu
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exe
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --output json
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "wmic os get osarchitecture"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic os get osarchitecture
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "set PFILES=%PROGRAMFILES: (x86)=%&& wmic datafile where name='!PFILES:\=\\!\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "chromedriver --version"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe --port=49712
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:,
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" --enable-logging --log-level=0 --mojo-platform-channel-handle=2084 --field-trial-handle=2036,i,13163750102934017534,8503344207815821219,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --output json
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "wmic os get osarchitecture"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic os get osarchitecture
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: python3.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: dbghelp.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: winmm.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: userenv.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: secur32.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: winhttp.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: urlmon.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: iertutil.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: srvcli.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: netutils.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: cryptbase.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: sspicli.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: wlanapi.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: profapi.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: mswsock.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: windows.storage.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: wldp.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: kbdus.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: symsrv.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Desktop\pyvenv.cfg
Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: file.exeStatic file information: File size 12439130 > 1048576
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: file.exe, 00000003.00000002.2501994483.00007FFDA344D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.2155319281.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503290715.00007FFDA4168000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: wkernel32.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C2D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420878035.0000000005C22000.00000004.00000020.00020000.00000000.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb( source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C22000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000003.00000002.2499298256.00007FFD9413E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BD8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502514717.00007FFDA3C0B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: file.exe, 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.2155228098.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503742329.00007FFDA4633000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: file.exe, 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: file.exe, 00000003.00000002.2499298256.00007FFD9413E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.2158866407.000001EBAD461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2498012770.00007FFD93EDB000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.2153887963.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504326644.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\Desktop\symbols\exe\chromedriver.exe.pdb(z source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: file.exe, 00000003.00000002.2499298256.00007FFD941C0000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\wntdll.pdb\* source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\Desktop\symbols\exe\chromedriver.exe.pdb} source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BF9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdbP>`>p> source: chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: file.exe, 00000000.00000003.2155571115.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2503107994.00007FFDA3FD2000.00000002.00000001.01000000.00000010.sdmp, _uuid.pyd.0.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.2155085857.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502514717.00007FFDA3C0B000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: wkernel32.pdb( source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005C2D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_elementtree.pdb source: file.exe, 00000000.00000003.2154470298.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502312754.00007FFDA3AF4000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.2154660836.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504085065.00007FFDA4DA6000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: file.exe, 00000003.00000002.2500410089.00007FFD9456E000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.2158705143.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2504564535.00007FFDA5493000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: file.exe, 00000003.00000002.2501320240.00007FFDA3372000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: \??\C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\symbols\exe\chromedriver.exe.pdb source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BD8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.2154065258.000001EBAD45A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2502911921.00007FFDA3C2D000.00000002.00000001.01000000.00000009.sdmp
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: file.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: chromedriver.exe.6.drStatic PE information: section name: .00cfg
Source: chromedriver.exe.6.drStatic PE information: section name: .rodata
Source: chromedriver.exe.6.drStatic PE information: section name: malloc_h
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA5EB9 push ds; iretd 6_3_00EA5EBA
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA5E6D push esi; ret 6_3_00EA5E92
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA7E63 push ecx; retf 6_3_00EA7E64
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA622B push ebx; retf 6_3_00EA622D
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA6A0F push eax; iretd 6_3_00EA6A11
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA3FCA push ss; retf 6_3_00EA3FCB
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeCode function: 6_3_00EA7DC9 push cs; ret 6_3_00EA7DEB

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\file.exeProcess created: "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_queue.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_bz2.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_lzma.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_socket.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_elementtree.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_decimal.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\libssl-1_1.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\select.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_ssl.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\unicodedata.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\python310.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_hashlib.pyd
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeFile created: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\pyexpat.pyd
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13642\_uuid.pyd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF6DCD92F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6DCD92F20
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00007FFD93EF572C rdtsc 3_2_00007FFD93EF572C
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_queue.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_lzma.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_bz2.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_socket.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_elementtree.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_decimal.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\select.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_ssl.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\unicodedata.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\python310.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_hashlib.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\pyexpat.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13642\_uuid.pyd
Source: C:\Users\user\Desktop\file.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-17161
Source: C:\Users\user\Desktop\file.exe API coverage: 0.9 %
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDA6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6DCDA6878
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD969E0 FindFirstFileExW,FindClose,0_2_00007FF6DCD969E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDB0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6DCDB0A34
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCDA6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,3_2_00007FF6DCDA6878
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCDB0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6DCDB0A34
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCD969E0 FindFirstFileExW,FindClose,3_2_00007FF6DCD969E0
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,3_2_00007FFD93EF3229
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00AE72E0 CloseHandle,FindFirstFileW,FindClose,6_2_00AE72E0
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: VMnet
Source: chromedriver.exe, 0000000E.00000002.2420878035.0000000005BD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: chrome.exeDefaultFirst RunLocal StatePreferences..\..\net\base\network_interfaces_win.ccWlanApiwlanapi.dllWlanOpenHandleWlanEnumInterfacesWlanQueryInterfaceWlanSetInterfaceWlanFreeMemoryWlanCloseHandleVMnetGetAdaptersAddresses failed:
Source: file.exe, 00000003.00000002.2493760589.0000016200D7D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2182359838.0000016200D7D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483243116.0000016200D6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483741955.0000016200D6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485667207.0000016200D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2488382814.0000016200D7D000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe Binary or memory string: Hyper-V RAW
Source: selenium-manager.exe, 00000006.00000003.2262446539.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2231874371.0000000000EB9000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2376784046.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2274313088.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2262494584.0000000000EB9000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2247444977.0000000000EB9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF572C 3_2_00007FFD93EF572C
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF4241 3_2_00007FFD93EF4241
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF572C rdtsc 3_2_00007FFD93EF572C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD9AA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6DCD9AA2C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDB2620 GetProcessHeap,0_2_00007FF6DCDB2620
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD9A180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6DCD9A180
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD9ABD4 SetUnhandledExceptionFilter,0_2_00007FF6DCD9ABD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDA9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6DCDA9C44
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCD9AA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6DCD9AA2C
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCD9A180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF6DCD9A180
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCD9ABD4 SetUnhandledExceptionFilter,3_2_00007FF6DCD9ABD4
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FF6DCDA9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6DCDA9C44
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93DD2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFD93DD2AA0
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93DD3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFD93DD3068
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFD93EF5A1F
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFDA33600B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDA33600B0
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFDA3360678 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDA3360678
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_009B6B50 RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetLastError,6_2_009B6B50
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Code function: 6_2_00B63FF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00B63FF0
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --output json
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe --port=49712
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "wmic os get osarchitecture"
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "set PFILES=%PROGRAMFILES: (x86)=%&& wmic datafile where name='!PFILES:\=\\!\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /v/c "chromedriver --version"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic os get osarchitecture
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDB8A30 cpuid 0_2_00007FF6DCDB8A30
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\certifi VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\devtools VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\remote VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_uuid.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\_elementtree.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13642\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium\selenium-manager.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\.cache\selenium VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exeQueries volume information: C:\Users\user\AppData\Local\Temp\selenium-managerIWMEOk\chromedriver_win32.zip VolumeInformationJump to behavior
Source: C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exeQueries volume information: C:\Windows\SystemTemp\scoped_dir5588_1830855051\DevToolsActivePort VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCD9A910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6DCD9A910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF6DCDB4EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6DCDB4EA0
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\file.exe Code function: 3_2_00007FFD93EF2B5D bind,WSAGetLastError,3_2_00007FFD93EF2B5D
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 33 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph. ID: 1540232; Sample: file.exe; Startdate: 23/10/2024; Architecture: WINDOWS; Score: 52]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 3% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_elementtree.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\_uuid.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\pyexpat.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\python310.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\linux\selenium-manager | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\macos\selenium-manager | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI13642\unicodedata.pyd | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://repository.swisssign.com/0 | 0% | URL Reputation | safe | |
| https://wwww.certigna.fr/autorites/0m | 0% | URL Reputation | safe | |
| https://httpbin.org/ | 0% | URL Reputation | safe | |
| http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/wsdl/ | 0% | URL Reputation | safe | |
| http://www.accv.es00 | 0% | URL Reputation | safe | |
| http://www.firmaprofesional.com/cps0 | 0% | URL Reputation | safe | |
No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol. | file.exe | false | | unknown |
| https://dns10.quad9.net/dns-query | chromedriver.exe | false | | unknown |
| https://w3c.github.io/webauthn/#credential-parameters. | file.exe | false | | unknown |
| https://doh.familyshield.opendns.com/dns-query | chromedriver.exe | false | | unknown |
| http://crl.dhimyotis.com/certignarootca.crl0 | chromedriver.exe | false | | unknown |
| https://doh.cleanbrowsing.org/doh/security-filter | chromedriver.exe | false | | unknown |
| https://public.dns.iij.jp/ | chromedriver.exe | false | | unknown |
| http://repository.swisssign.com/0 | chromedriver.exe | false | URL Reputation: safe | unknown |
| https://python.org/dev/peps/pep-0263/ | file.exe | false | | unknown |
| https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | file.exe | false | | |
                    unknown
                    https://bit.ly/3rpDuEX.WebBundleURLLoaderFactory::OnResponseParsedX-Content-Type-OptionsInvalidchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                      unknown
                      http://127.0.0.1:4444/wd/hubfile.exe, 00000003.00000003.2486931212.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494012998.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485726774.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489818775.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489474598.0000016200EEA000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        https://tools.ietf.org/html/rfc2388#section-4.4file.exe, 00000003.00000003.2487660567.0000016200260000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183416308.0000016200ECE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2490247092.0000016200261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487440877.000001620025B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486418694.000001620025A000.00000004.00000020.00020000.00000000.sdmpfalse
                          unknown
                          https://chromedriver.storaselenium-manager.exe, selenium-manager.exe, 00000006.00000003.2262446539.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000002.2377797505.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2376784046.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2231874371.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, selenium-manager.exe, 00000006.00000003.2274313088.0000000000E9E000.00000004.00000020.00020000.00000000.sdmpfalse
                            unknown
                            https://doh.cox.net/dns-querychromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                              unknown
                              https://www.nic.cz/odvr/chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                unknown
                                https://dns11.quad9.net/dns-querychromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                  unknown
                                  https://www.selenium.dev/documentation/webdriver/troubleshooting/errors0file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                    unknown
                                    https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                      unknown
                                      http://httpswsswsdevtools/browser/json/versionjson/listdevtools://chrome://print/..chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                        unknown
                                        https://chromedriver.chromium.org/homegfile.exe, 00000003.00000002.2495655907.0000016202F1C000.00000004.00001000.00020000.00000000.sdmpfalse
                                          unknown
                                          https://www.nic.cz/odvr/CZ.NICchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                            unknown
                                            https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963file.exe, 00000003.00000003.2481987550.0000016200DDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200DEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485093660.0000016200DF0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183614526.0000016200DD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484427473.0000016200DEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://www.selenium.dev/downloads/file.exe, 00000003.00000002.2495103910.0000016202990000.00000004.00001000.00020000.00000000.sdmpfalse
                                                unknown
                                                https://chromium.googlesource.com/chromium/src/chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                  unknown
                                                  https://w3c.github.io/webdriver/#dfn-file.exe, 00000003.00000002.2492499829.0000016200358000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    unknown
                                                    http://json.orgfile.exe, 00000003.00000003.2483715593.0000016200AE7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483741955.0000016200D6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484394550.0000016200DCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485667207.0000016200D72000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://public.dns.iij.jp/IIJchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                        unknown
                                                        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyfile.exe, 00000003.00000003.2483741955.0000016200D41000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2490386947.0000016200D5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493760589.0000016200D5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487066064.0000016200D45000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485940670.0000016200D43000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487688784.0000016200D5A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483243116.0000016200D3D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489127267.0000016200D5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494998397.00000162010F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2492499829.0000016200358000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://github.com/clap-rs/clap/issuesC:selenium-manager.exe, selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpfalse
                                                              unknown
                                                              https://github.com/mozilla/geckodriver/releases/selenium-manager.exe, 00000006.00000002.2377427127.0000000000B78000.00000002.00000001.01000000.00000013.sdmp, selenium-manager.exe, 00000006.00000000.2184901565.0000000000B78000.00000002.00000001.01000000.00000013.sdmpfalse
                                                                unknown
                                                                https://cleanbrowsing.org/privacyCleanBrowsingchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                  unknown
                                                                  https://nextdns.io/privacychromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                    unknown
                                                                    http://127.0.0.1:02file.exe, 00000003.00000002.2495655907.0000016202E90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://w3c.github.io/webdriver/#dfn-browser-version.file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://bit.ly/3rpDuEX.chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                          unknown
                                                                          https://alekberg.net/privacyalekberg.netchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                            unknown
                                                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxybfile.exe, 00000003.00000002.2494998397.00000162010F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://wwww.certigna.fr/autorites/0mchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://p2p.binance.com/ru/trade/sell/USDT?fiat=RUB&payment=TinkoffNew&asset=USDTz9https://p2p.binanfile.exe, 00000003.00000003.2484712447.0000016200ABD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485782870.0000016200AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485349770.0000016200AD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2182318031.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2491124044.0000016200ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481765348.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484747804.0000016200AC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487834894.0000016200ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493288358.0000016200ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484214712.0000016200A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerfile.exe, 00000003.00000003.2487924372.0000016200231000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200A60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487535305.0000016200A73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489760436.0000016200237000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489098306.0000016200232000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489372049.0000016200A75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487562631.000001620022E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2491791632.000001620023B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://github.com/ziglang/zig-bootstrapfile.exe, 00000000.00000003.2160747528.000001EBAD45D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://developers.google.com/speed/public-dns/privacyGooglechromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                      unknown
                                                                                      https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                        unknown
                                                                                        http://www.w3.orchromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                          unknown
                                                                                          https://httpbin.org/file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489563488.0000016200A63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://dns64.dns.google/dns-querychromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                            unknown
                                                                                            https://w3c.github.io/webdriver/#timeouts.file.exe, 00000003.00000002.2492499829.00000162002D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://doh.opendns.com/dns-querychromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                unknown
                                                                                                http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlfile.exe, 00000003.00000003.2181302372.0000016200D21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181302372.0000016200D11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://p2p.binance.com/ru/trade/TinkoffNew/USDT?fiat=RUBfile.exe, 00000003.00000003.2484712447.0000016200ABD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485782870.0000016200AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2494722643.0000016200EF0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485349770.0000016200AD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2182318031.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2491124044.0000016200ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481765348.0000016200A7B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484747804.0000016200AC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487834894.0000016200ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2493288358.0000016200ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484214712.0000016200A83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://foss.heptapod.net/pypy/pypy/-/issues/3539#file.exe, 00000003.00000003.2481987550.0000016200DDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200DEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485093660.0000016200DF0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183614526.0000016200DD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484427473.0000016200DEE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilitiesfile.exe, 00000003.00000002.2494012998.0000016200EEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2486931212.0000016200ECF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485552323.0000016200EEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484962480.0000016200EB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200EB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483959661.0000016200EB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://dns.quad9.net/dns-querychromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                          unknown
                                                                                                          http://certificates.godaddy.com/repository/gd_intermediate.crt0chromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                            unknown
                                                                                                            http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535file.exe, 00000003.00000003.2485026968.0000016200D20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2481987550.0000016200DDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2482497361.0000016200DEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2183614526.0000016200DD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484427473.0000016200DEE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483849862.0000016200D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syfile.exe, 00000003.00000003.2487924372.0000016200231000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2181597202.0000016200A60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487535305.0000016200A73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2179864050.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489760436.0000016200237000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2489098306.0000016200232000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2484898101.0000016200A50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180003648.00000162002AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2180666557.000001620028B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2485488510.0000016200A61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2487562631.000001620022E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2491791632.000001620023B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2483645537.0000016200A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              http://s..chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                unknown
                                                                                                                http://report-example.test/testchromedriver.exe, 0000000E.00000000.2380751686.0000000001422000.00000002.00000001.01000000.00000015.sdmp, chromedriver.exe, 0000000E.00000002.2420130974.0000000001422000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                  unknown
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540232
Start date and time: 2024-10-23 15:32:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal52.evad.winEXE@29/138@0/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.184.251, 216.58.212.187, 142.250.181.251, 142.250.185.187, 142.250.186.91, 142.250.186.155, 142.250.74.219, 142.250.186.59, 172.217.18.27, 142.250.186.123, 172.217.16.219, 216.58.206.91, 142.250.184.219, 142.250.186.187, 172.217.18.123, 172.217.23.123, 142.251.168.84
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, chromedriver.storage.googleapis.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: file.exe
Time | Type | Description
09:33:07 | API Interceptor | 2x Sleep call for process: WMIC.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
239.255.255.250 | https://re.e-sharedonedrivefile.com/skjashd | malicious | Unknown
 | https://hnamedmr.ukremediatlon.co.uk/LVGwXwqP | malicious | Unknown
 | https://hnamedmr.ukremediatlon.co.uk/LVGwXwqP | malicious | Unknown
 | https://t.ly/ZPR23.10 | malicious | Unknown
 | https://clinicaotoface1.websiteseguro.com/no/ai/ | malicious | Unknown
 | https://us-west-2.protection.sophos.com/?d=site.pro&u=aHR0cHM6Ly9jbGF1ZGlha3J1ZWdlci5zaXRlLnByby8=&i=NThlN2NjYzYyOTljZjkxNGY4YmM1Njkz&t=QTRyTlRXbysvd3IyNERLT1pJYVNuNlAvU0FLMVAyb2pCN053UGFJSWtBST0=&h=dd65eaa7298b4ffebbd13b01dcbd3434&s=AVNPUEhUT0NFTkNSWVBUSVYfWTd0VrJEAZ1PFPx8UNdDDkWk4HVuGeVZrBnJzV7Ifg | malicious | Unknown
 | https://t.ly/cI3Tm | malicious | Unknown
 | Totalenergies.com_reff_3243808335_ATGeyDyASJ.html | malicious | Phisher
 | https://app.oneflow.com/api/agreements/8821185/assets/b81e65c04f5acdc6369b89fe6d9aba378483abd6.pdf?at=490c38a4784c740c75de3531f3291888226b3acd | malicious | Unknown
 | phish_alert_sp2_2.0.0.0 - 2024-10-23T084901.360.eml | malicious | HTMLPhisher
                                                                                                                                                                                                                No context
                                                                                                                                                                                                                No context
                                                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI13642\VCRUNTIME140.dll | SolaraV4.exe | malicious | Blank Grabber
 | SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe | malicious | Unknown
 | SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe | malicious | Unknown
 | SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe | malicious | Unknown
 | SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe | malicious | Unknown
 | LisectAVT_2403002A_216.exe | malicious | Unknown
 | https://portal.regista-online.de/s/wr/setup/SecSigner-7-Setup.exe | malicious | Unknown
 | LaZagne.exe | malicious | Python Stealer, LaZagne
 | SecuriteInfo.com.Trojan.Python.Psw.25309.14489.exe | malicious | BazaLoader
 | SecuriteInfo.com.Trojan.Python.Psw.25309.14489.exe | malicious | BazaLoader
C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe | 6NCrknlt7S.exe | malicious | Unknown
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe
                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):12273664
                                                                                                                                                                                                                                      Entropy (8bit):7.095260250394812
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:196608:Em/gCQVBvGc8mkijo3hVoYYo/giRTxkS8uBb3V75rbFErndRu23rR21G70iBRqGK:J/gfGhijo3hVoYYo/giRTxkS8uBb3V70
                                                                                                                                                                                                                                      MD5:11DA4A5176071F39DE7F81464E4B40BD
                                                                                                                                                                                                                                      SHA1:4F20EAB395924D1252A6D855982F6BE5D5229FF0
                                                                                                                                                                                                                                      SHA-256:FFA8AEE6D8B251B21D7744980196FB556CA7E4247AA7017D5E7EE7D498D50C4D
                                                                                                                                                                                                                                      SHA-512:FE5D716CF6275B77E0FB069B2BCFD64F3AA5E8B4BAA63877069F2B1BA70C32720F5322D4A78EF75849A129E5C5DAB6F1F3D80222B744F4253BC5C236C7BBE919
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                      • Filename: 6NCrknlt7S.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):193
                                                                                                                                                                                                                                      Entropy (8bit):4.341422627172725
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:IWyAfFHJH4ye/tZWyFWP1iJdNFjXSyB/seSypv/FFFjXSyNGP1WSXifFjXSyWdXE:ZfRJH4jWP1qdue/2iGP1BNvlXUn
                                                                                                                                                                                                                                      MD5:295AC9B94EEA8A16EFF9BD55ACC900FD
                                                                                                                                                                                                                                      SHA1:982469635AAE86089C46FC203881B9771F8CF99B
                                                                                                                                                                                                                                      SHA-256:E30C324413BA373D212D0B19BBFCBD4A85889F613A08D2026F8A67F11FB8C9DB
                                                                                                                                                                                                                                      SHA-512:17CA9D8F7873E5DAEEB93FD4F298D247BBF72273FE44DFB028722DD7C74D285E882F1E8A2B78D2A4DEABE9C83AC15216478ED10FC6859AB42056397AB5511270
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{. "browsers": [],. "drivers": [. {. "browser_version": "117",. "driver_name": "chromedriver",. "driver_version": "114.0.5735.90",. "driver_ttl": 1729782552. }. ].}
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):97168
                                                                                                                                                                                                                                      Entropy (8bit):6.424686954579329
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                                                                                                      MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                                                                                                      SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                                                                                                      SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                                                                                                      SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                      • Filename: SolaraV4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: LisectAVT_2403002A_216.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: LaZagne.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Trojan.Python.Psw.25309.14489.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      • Filename: SecuriteInfo.com.Trojan.Python.Psw.25309.14489.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):80784
                                                                                                                                                                                                                                      Entropy (8bit):6.45456109441925
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:hwz7h8B7BjhJCZePYgl/5S8Gh2Nv0DFIGtVQ7Sygj:hwz18BrJCJglhlGINv0RIGtVQej
                                                                                                                                                                                                                                      MD5:BCF0D58A4C415072DAE95DB0C5CC7DB3
                                                                                                                                                                                                                                      SHA1:8CE298B7729C3771391A0DECD82AB4AE8028C057
                                                                                                                                                                                                                                      SHA-256:D7FAF016EF85FDBB6636F74FC17AFC245530B1676EC56FC2CC756FE41CD7BF5A
                                                                                                                                                                                                                                      SHA-512:C54D76E50F49249C4E80FC6CE03A5FDEC0A79D2FF0880C2FC57D43227A1388869E8F7C3F133EF8760441964DA0BF3FC23EF8D3C3E72CE1659D40E8912CB3E9BC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):250768
                                                                                                                                                                                                                                      Entropy (8bit):6.527857952800466
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:MJFPEV3nLF0eMMCtGzohEgCmUQjYK9qWMa3pLW1AtSrYB4BRWr8k:cPgXLF035tVZCRBQC06nWr8k
                                                                                                                                                                                                                                      MD5:D976C5F77A6370CF6F28A5714BF49AE3
                                                                                                                                                                                                                                      SHA1:79273EB123A68BA5CB91FF37EE0A82CEE880C2CC
                                                                                                                                                                                                                                      SHA-256:FE2BCCB2E204A736ED86A8D16EFFEAFE83B30B44F809349E172142665DE8458A
                                                                                                                                                                                                                                      SHA-512:57DF90F9FAF31F81F245A39A14C0784A3FACE4F76F00430DE8CFF2E86B55FA3269CD595119FD093E03709DEBF0888618917CAE5EA5E68F43A8E928861CAA01C5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):122768
                                                                                                                                                                                                                                      Entropy (8bit):6.3370854122985225
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:dM2D3CiJn7BliQoXzmISQxTeuvZVKB5X5Y5D5RYGH750P4BIG1f61:k67BliNKISQZhKIY+50P4I
                                                                                                                                                                                                                                      MD5:A0102F630B3C759B39F4ED0364035EBB
                                                                                                                                                                                                                                      SHA1:40BF486374F4E8067B6BECF16AF37C8BA30A155A
                                                                                                                                                                                                                                      SHA-256:BF34AB64620B224549A6D198B7473ECA843C7C39EF25ABF01F8FC121FF065A68
                                                                                                                                                                                                                                      SHA-512:C86A3BFA5F767E145629C8AF60FF2589D41B8E3A337EE6D7DA5951A77492BB8833CEB9FBCF30E3AC3DD1A8CBB3D5F81C14E73CC8F249314B7F8B6449858F8E4D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):60304
                                                                                                                                                                                                                                      Entropy (8bit):6.093275200649072
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:JV/wp93dN0yIITgu/w521DxBjWO/Z1bbr1IG5ItYiSyvJhKy:GNdeyIaVww1TjWMr1IG5It7Syf
                                                                                                                                                                                                                                      MD5:F63DA7F9A4E64148255E9D3885E7A008
                                                                                                                                                                                                                                      SHA1:756DC192E7B2932DF147C48F05EC5E38E9AA06E6
                                                                                                                                                                                                                                      SHA-256:FA0BB4BF93A6739CE5ADE6A7A69272BBC1227D09C7AFC1C027D6CEA41141BCC6
                                                                                                                                                                                                                                      SHA-512:23D06DEF20C3668613392A02832777B27AD5353E1DC246316043B606890445D195A1066FCA65300A5D429319AA2AE2505F9FA3A5AB0F97ABA2717B64AAA07E8D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):154000
                                                                                                                                                                                                                                      Entropy (8bit):6.8078458773005055
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:GD6xBrqs+vs0H0q8bnpbVZbXsAIPznfo9mNoK5vSpxpRIGe1y2:GD63rcRLCV+7wYOK50P2
                                                                                                                                                                                                                                      MD5:BA3797D77B4B1F3B089A73C39277B343
                                                                                                                                                                                                                                      SHA1:364A052731CFE40994C6FEF4C51519F7546CD0B1
                                                                                                                                                                                                                                      SHA-256:F904B02720B6498634FC045E3CC2A21C04505C6BE81626FE99BDB7C12CC26DC6
                                                                                                                                                                                                                                      SHA-512:5688AE25405AE8C5491898C678402C7A62EC966A8EC77891D9FD397805A5CFCF02D7AE8E2AA27377D65E6CE05B34A7FFDEDF3942A091741AF0D5BCE41628BF7D
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):27536
                                                                                                                                                                                                                                      Entropy (8bit):6.261734078833693
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:smfqkQfdUCUFYS9F6XP6rEhSSVYptTDbPdIG7UcIYiSy1pCQ7Rhp7:spdUC+y6rEhSSVYTPdIG7UNYiSyvdhp7
                                                                                                                                                                                                                                      MD5:E6BB918CC02CD270BAD449875577427C
                                                                                                                                                                                                                                      SHA1:5B22420AE4170858A6A2AA04A54ADC26B9A8051C
                                                                                                                                                                                                                                      SHA-256:2D8B41DAD8A8506870E6F2E2A5856C6C6C68A219F18BD88AD79C63CFA1366B1F
                                                                                                                                                                                                                                      SHA-512:B19353E0DF213525C466D5CB80F362AB1A22EAF9940F742B59DF1C2842E49594DB87A5119289DCA616FDFA3E808C7CEB26906E0FF8723AFC80AF768496FACA9C
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):75152
                                                                                                                                                                                                                                      Entropy (8bit):6.147254943521508
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:z1XB7kEDATyhAZ9/s+S+pxyXc/+lf7PdIGQwP7Syr:ZXB4EDXhAZ9/sT+px8c/Sz1IGQwP9
                                                                                                                                                                                                                                      MD5:79C2FF05157EF4BA0A940D1C427C404E
                                                                                                                                                                                                                                      SHA1:17DA75D598DEAA480CDD43E282398E860763297B
                                                                                                                                                                                                                                      SHA-256:F3E0E2F3E70AB142E7CE1A4D551C5623A3317FB398D359E3BD8E26D21847F707
                                                                                                                                                                                                                                      SHA-512:F91FC9C65818E74DDC08BBE1CCEA49F5F60D6979BC27E1CDB2EF40C2C8A957BD3BE7AEA5036394ABAB52D51895290D245FD5C9F84CC3CC554597AE6F85C149E1
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):156560
                                                                                                                                                                                                                                      Entropy (8bit):5.942876418107184
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:RYNRsSzeOfeC1uHv8MmouyETvb8VqH70NmHh4kwooSLteSdo9dRIGt7+ig:RYjPzeOfeYMvZuyvV0Dtho9dVg
                                                                                                                                                                                                                                      MD5:1ED0EF72A40268E300A611BA4AB20DFD
                                                                                                                                                                                                                                      SHA1:4D04D5911A6ED422308EA11D7B15821AF8F62585
                                                                                                                                                                                                                                      SHA-256:5860FE208122219A4071CC369D5001EDC3B08C13BD96156ABD1375E35401ACD0
                                                                                                                                                                                                                                      SHA-512:F72EA051ED50A09561414FC41D837C03CE44BE9D8E4C39F59133DD8A092C9F13FC942C58DC8517EDC149CAA3BF7D94FA6BDBE88CABC8CB3C6A02428676572F3E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):21392
                                                                                                                                                                                                                                      Entropy (8bit):6.271052728197517
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:WvEaNKFDyeTxXK5DFIGewqcIYiSy1pCQIQhwv:WTNK4e9XK5DFIGewgYiSyvJhwv
                                                                                                                                                                                                                                      MD5:0162EDE31051183D9E23BADA8B7FD0AA
                                                                                                                                                                                                                                      SHA1:F4AD798660B81E9BFBBEC6E44BD5C4BFFCF5F3B2
                                                                                                                                                                                                                                      SHA-256:8F1C0151485055E65F174D779CFEFD2FAE601CA52F556EE3880E417EA6E43187
                                                                                                                                                                                                                                      SHA-512:17A5AF2CD7A9603F31BB3B796DAE13BA157886A4BC05665780FD54C1E30F1FAD76648D56E35C18E2B0C1379D1A83EC98CC97AB2DC4E968FE8D648DB3341C2201
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1065044
                                                                                                                                                                                                                                      Entropy (8bit):5.671496344006365
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:OVghgApCWymC6Shc12cA4a2YcqduVwOsfJEw4Wd/udYwSWSaMNX:OVghoVmBLa2PdVwOsfJEw4UudnSkMNX
                                                                                                                                                                                                                                      MD5:EB1A347D1BEDDF4AA91DD2B8632A71C4
                                                                                                                                                                                                                                      SHA1:BC560781E35A21C9D2D3F965A75C909F58FC4DDA
                                                                                                                                                                                                                                      SHA-256:948CE5F0222B27BD7DE6FFEA60D95C82463671A542D3DA65022DF869CE0B4C03
                                                                                                                                                                                                                                      SHA-512:A458111136C2D1366793135466A17E910F68A0D0539B8502B8AEEFBC48240F4D9A237E635FFC3452B2709C31647002C963AF773393C23B7214814DD7AAB66557
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):278952
                                                                                                                                                                                                                                      Entropy (8bit):6.049041164740881
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d86:QWN/TRLNLWCRrI55MWavdJ
                                                                                                                                                                                                                                      MD5:8D0619BFE30DEADF6F21196F0F8D53D3
                                                                                                                                                                                                                                      SHA1:E7ABD65A8CCAFEFF6CAF6A2FF98D27D24D87C9AD
                                                                                                                                                                                                                                      SHA-256:B301535DCA491D9814EA28FAA320AC7A19D0F5D94237996FA0A3B5A936432514
                                                                                                                                                                                                                                      SHA-512:5A88E4A06B98832AAA9BBB89E382F6C7E9B65C5ECBA48DE8F4FF1FA58BB06A74B9C2F6B2EC185C2A306CB0B5D68D0B28D74B323432A0B2953D8DFC29FED920D7
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3438840
                                                                                                                                                                                                                                      Entropy (8bit):6.094542623790425
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:DTKuk2HvIU6iwpOjPWBdwQN+5X2uyWsrV4+OGyu1BYGx6KCIrA9NPe0Cs5Z1CPwE:Pg+Hb5Wt+2BoBIcU0CsD1CPwDv3uFfJZ
                                                                                                                                                                                                                                      MD5:63C756D74C729D6D24DA2B8EF596A391
                                                                                                                                                                                                                                      SHA1:7610BB1CBF7A7FDB2246BE55D8601AF5F1E28A00
                                                                                                                                                                                                                                      SHA-256:17D0F4C13C213D261427EE186545B13EF0C67A99FE7AD12CD4D7C9EC83034AC8
                                                                                                                                                                                                                                      SHA-512:D9CF045BB1B6379DD44F49405CB34ACF8570AED88B684D0AB83AF571D43A0D8DF46D43460D3229098BD767DD6E0EF1D8D48BC90B9040A43B5469CEF7177416A2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):698104
                                                                                                                                                                                                                                      Entropy (8bit):5.531132600342763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:tgH+zxL52Y1Ag5EbSJyin89m8GXfbmednWAeO6GKaf525eWP8U2lvzI:DD1Ag5h/L5mO6GVf52se8U2lvzI
                                                                                                                                                                                                                                      MD5:86556DA811797C5E168135360ACAC6F2
                                                                                                                                                                                                                                      SHA1:42D868FC25C490DB60030EF77FBA768374E7FE03
                                                                                                                                                                                                                                      SHA-256:A594FC6FA4851B3095279F6DC668272EE975E7E03B850DA4945F49578ABE48CB
                                                                                                                                                                                                                                      SHA-512:4BA4D6BFFF563A3F9C139393DA05321DB160F5AE8340E17B82F46BCAF30CBCC828B2FC4A4F86080E4826F0048355118EF21A533DEF5E4C9D2496B98951344690
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):192400
                                                                                                                                                                                                                                      Entropy (8bit):6.331661708582381
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3072:7UV1H8t//ZpdhxqMO2lr9JuB9OSH4ZCXRfWiTayyTvfvaycv0XOgeEnnRPcsR+2U:yVG/Ddh5r9JuB0SDfV9yTvfvx+Zj
                                                                                                                                                                                                                                      MD5:F3630FA0CA9CB85BFC865D00EF71F0AA
                                                                                                                                                                                                                                      SHA1:F176FDB823417ABEB54DAED210CF0BA3B6E02769
                                                                                                                                                                                                                                      SHA-256:AC1DFB6CDEEADBC386DBD1AFDDA4D25BA5B9B43A47C97302830D95E2A7F2D056
                                                                                                                                                                                                                                      SHA-512:B8472A69000108D462940F4D2B5A611E00D630DF1F8D6041BE4F7B05A9FD9F8E8AA5DE5FE880323569AC1B6857A09B7B9D27B3268D2A83A81007D94A8B8DA0FF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4453776
                                                                                                                                                                                                                                      Entropy (8bit):6.4554098557218
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:wplyWz2QcN6iPdzYjz0AMs9Kt2KnX0OCpFLoFnAcECdNCsugztL0DD9fIysVHkDx:sximj29G5H+ywH+MWqlgdMW
                                                                                                                                                                                                                                      MD5:C6C37B848273E2509A7B25ABE8BF2410
                                                                                                                                                                                                                                      SHA1:B27CFBD31336DA1E9B1F90E8F649A27154411D03
                                                                                                                                                                                                                                      SHA-256:B7A7F3707BEAB109B66DE3E340E3022DD83C3A18F444FEB9E982C29CF23C29B8
                                                                                                                                                                                                                                      SHA-512:222AD791304963A4B8C1C6055E02C0C4C47FCE2BB404BD4F89C022FF9706E29CA6FA36C72350FBF296C8A0E3E48E3756F969C003DD1EB056CD026EFE0B7EBA40
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):26000
                                                                                                                                                                                                                                      Entropy (8bit):6.339693503329678
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:384:NUTqPjk/7e12hwheCPHqqYBsVRXPdIG7GxIYiSy1pCQFC67hEQ:iTgUC2hwh7HqbYVPdIG7GmYiSyvD7hF
                                                                                                                                                                                                                                      MD5:431464C4813ED60FBF15A8BF77B0E0CE
                                                                                                                                                                                                                                      SHA1:9825F6A8898E38C7A7DDC6F0D4B017449FB54794
                                                                                                                                                                                                                                      SHA-256:1F56DF23A36132F1E5BE4484582C73081516BEE67C25EF79BEEE01180C04C7F0
                                                                                                                                                                                                                                      SHA-512:53175384699A7BB3B93467065992753B73D8F3A09E95E301A1A0386C6A1224FA9ED8FA42C99C1FFBCFA6377B6129E3DB96E23750E7F23B4130AF77D14AC504A0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), static-pie linked, stripped
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4512416
                                                                                                                                                                                                                                      Entropy (8bit):6.192421793016481
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:d/M6p1KU1mIU6ifVovQfFAtDa6E4alFSmcrTKbalFMeDYieEhEQ/Lic1XgAcTaMK:tR1Kq+yhukbLN
                                                                                                                                                                                                                                      MD5:6A956DDD8F1E71CA2707AEDB59A7F779
                                                                                                                                                                                                                                      SHA1:D12C5EFD25BB9B0B77054F4A83A38504094F240D
                                                                                                                                                                                                                                      SHA-256:B7C8968038E9112E6CB549A0B58172AB53658262946835FF39C041EC44C871B8
                                                                                                                                                                                                                                      SHA-512:186C91A19B4F1F2FF9BC14B144CA109EF6599A21D126472C90E2022ED26B20CF878ECD9758A069B0C4BA768CC3621150269F861810B8284E146405BC227B8E63
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE|HAS_TLV_DESCRIPTORS>
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3762848
                                                                                                                                                                                                                                      Entropy (8bit):6.47896058273459
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:x/MxNkflKGKhmGV7ALIut7Fulx/DyWwNOlvMqVBBhxtEDu7bQzVktjsNaOaIVqE7:mO/GVlx/rx70zV+sw1Ew62+tl5LHTd
                                                                                                                                                                                                                                      MD5:4E3E74D882F2A2EF2F983F65077D7B10
                                                                                                                                                                                                                                      SHA1:112BD6FFDC55F8EC2D0BBAAAC2B72EDF679E6E3D
                                                                                                                                                                                                                                      SHA-256:81A2056F4616F8BA3EF50C3A81DB3F4963565CAC1DA46F57688FE455AC73763C
                                                                                                                                                                                                                                      SHA-512:D51F7CF7E11A7C199D28A0FE8F9020A1113E5AAC8625392A9A8BA07C7D3328DECD7ACE47C26FBA1E9B64F17A1C119770DF63C3FD31D31A8D64081EC5D7A80003
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1944
                                                                                                                                                                                                                                      Entropy (8bit):4.675116854336413
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:G+SxKWxZZCg10kH11G4UQzNgxgWLlAziLhVGYTo:G+SQWbZC8hHnG4JRgxgWOJ
                                                                                                                                                                                                                                      MD5:81F59E36BDE07E051C3CB92A4986B327
                                                                                                                                                                                                                                      SHA1:676E0A28A5A1353E89469ACAAD1B08ADC62C795D
                                                                                                                                                                                                                                      SHA-256:2C2083C9A49F65C510D68D3620A57D4DFEDC8DC0FCC32524C1CCB11C6329EA07
                                                                                                                                                                                                                                      SHA-512:02562FC9AC369BC1994934B371DB8D550638430CBC7F7729DD7B3A95E90F4E53A205A62318803D021041DE362B0ED47752AD910CBDC742BEF6645A20AA96A1FA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:// Licensed to the Software Freedom Conservancy (SFC) under one.// or more contributor license agreements. See the NOTICE file.// distributed with this work for additional information.// regarding copyright ownership. The SFC licenses this file.// to you under the Apache License, Version 2.0 (the.// "License"); you may not use this file except in compliance.// with the License. You may obtain a copy of the License at.//.// http://www.apache.org/licenses/LICENSE-2.0.//.// Unless required by applicable law or agreed to in writing,.// software distributed under the License is distributed on an.// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY.// KIND, either express or implied. See the License for the.// specific language governing permissions and limitations.// under the License...(function () {. const observer = new MutationObserver((mutations) => {. for (const mutation of mutations) {. switch (mutation.type) {. case 'attributes':. // Don't report
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):3172864
                                                                                                                                                                                                                                      Entropy (8bit):6.676939928611827
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:49152:GgD4UMNOYj788gbCe85TGHwHG9Xg2s1+2IU6iYuCoh0ueLi:G396Cfp4Xg2t+FC
                                                                                                                                                                                                                                      MD5:B97E5ECDFD825A3A31183927E23E0199
                                                                                                                                                                                                                                      SHA1:AB3D793868CC689699CE35D27E53CD0B8DB76FCF
                                                                                                                                                                                                                                      SHA-256:C99709759258AE4A7174E23D395801F1E709F743D12FFE3E00BC638AE59FADFB
                                                                                                                                                                                                                                      SHA-512:61A8E401013D3FB04BE465BAB2EEB943585E11AE7249B5CFD16FCD1FDC12A433151C1E701A202C6B9A5CCBB4254D6B60B91DA787E9666028C7190A2D6CED64F2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2826
                                                                                                                                                                                                                                      Entropy (8bit):4.690644304617203
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:9SVI+Lhz3Oa0KUP8OZsUR4lckTgo6OxRLi//FPa+tLkglKgfgfOHSllrK/rTDzL+:/+trOa0KUP8OZ4ZUFPa+tAFEkOy7aTD+
                                                                                                                                                                                                                                      MD5:648D3DABABB0C714EE9A2D4A8FA4E39F
                                                                                                                                                                                                                                      SHA1:762AC0A8D883C8C05059F1815A35F6B55464B7C2
                                                                                                                                                                                                                                      SHA-256:946ADD298A5E2346E3D53D1CBE8AD7C33E4994130511F6D8B79268BE50B7A34C
                                                                                                                                                                                                                                      SHA-512:51B2ED36C8BB61EBA99406492B2F6928DB0DB413A8F60E30FDAB74D689247B8C83F0E790D8F6AEE370E0F2E27FD565F4A87608CDC547C752514F1476E6DC89AA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{. "frozen": {. "app.update.auto": false,. "app.update.enabled": false,. "browser.displayedE10SNotice": 4,. "browser.download.manager.showWhenStarting": false,. "browser.EULA.override": true,. "browser.EULA.3.accepted": true,. "browser.link.open_external": 2,. "browser.link.open_newwindow": 2,. "browser.offline": false,. "browser.reader.detectedFirstArticle": true,. "browser.safebrowsing.enabled": false,. "browser.safebrowsing.malware.enabled": false,. "browser.search.update": false,. "browser.selfsupport.url" : "",. "browser.sessionstore.resume_from_crash": false,. "browser.shell.checkDefaultBrowser": false,. "browser.tabs.warnOnClose": false,. "browser.tabs.warnOnOpen": false,. "datareporting.healthreport.service.enabled": false,. "datareporting.healthreport.uploadEnabled": false,. "datareporting.healthreport.service.firstRun": false,. "datareporting.healthreport.logging.consoleEnabled": false,. "datareporting.poli
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2269)
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):53676
                                                                                                                                                                                                                                      Entropy (8bit):5.47753909292029
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:1536:AXJFPWr+DEqXMn9XM3UkGdEMT8TZZ/6B0clWuF2ZCtYa0n6B:ITU7dW62clW02sF
                                                                                                                                                                                                                                      MD5:A3ADBD092F853DB411976C1E94AAFAE8
                                                                                                                                                                                                                                      SHA1:4C00ADFE7E0A8EFF9B942A9C5E04BCF1CA7ED7B0
                                                                                                                                                                                                                                      SHA-256:BAA76C75504103D3177E9C98F4F878ED9D211C61E6F4AC1ECBE2359335E161D4
                                                                                                                                                                                                                                      SHA-512:5C20B30618331C207A6C89C3F8A249C997B5018F86A6EB425BFA1CF9063ED3032974209CAF885B5F0A8F688D53BC68691F8EEE9D6A7F018A0483AAEEB2E8D803
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1587)
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):43157
                                                                                                                                                                                                                                      Entropy (8bit):5.4711439829805295
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:V7p/8YXWW4BJinqX46z3wlU0koCF2TPO2bRmeJbNV9c:V7p/JWFBJinqXNm3nCwPgAc
                                                                                                                                                                                                                                      MD5:F05A5E91E83CD5CA39FBDED566E30E4C
                                                                                                                                                                                                                                      SHA1:A7273098A868272944881E6F87838E69CDF9DB44
                                                                                                                                                                                                                                      SHA-256:2186EA70072C63DDB4AD89F2315A7909A9B4A97F52A69957C74DA72641CDAE6A
                                                                                                                                                                                                                                      SHA-512:72819C5DDA934955C9F35ECD8724AF965634C1C50B530A81D48A4F167CC815A896180E414790BC0E33C8BC4176C8C777AAB01D3C47C7FFE2818C242EDE8160AA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1724)
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):43996
                                                                                                                                                                                                                                      Entropy (8bit):5.482916356843218
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:i5WDMeWWcwpdin/XLwXEWb1sHddFZ/R0o7BnF6LRkVZhYiJEKLuP:i50VWWppdin/Xk7buHdp/R0cF6+VZhzW
                                                                                                                                                                                                                                      MD5:B3122D6B9700A669111247D95460AC05
                                                                                                                                                                                                                                      SHA1:A14AF0130FC408719B1BA1AF81C03F54AC9D3F20
                                                                                                                                                                                                                                      SHA-256:EBDA4033FAA32130BFCA4B7A0B3DF41565A99301DF9331054B18F7932B34C388
                                                                                                                                                                                                                                      SHA-512:B74BACEBDE59767E18151F5A6E9E735C0243ADA4915BC1B9BBBFE276ADF4830D4B071C1A7AFE52E7A7558A8F9D3C464F329748CAB67864BAEBF05D5E398C7ED4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1118608
                                                                                                                                                                                                                                      Entropy (8bit):5.375765997910847
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12288:ArlBMmuZ63NNQCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOVg:mlBuqZV0m81MMREtV6Vo4uYOVg
                                                                                                                                                                                                                                      MD5:D1182BA27939104010B6313C466D49FF
                                                                                                                                                                                                                                      SHA1:7870134F41BA5333294C927DBD77D3F740AC87E7
                                                                                                                                                                                                                                      SHA-256:1AC171F51CC87F268617B4A635B2331D5991D987D32BB206DD4E38033449C052
                                                                                                                                                                                                                                      SHA-512:EF26A2C8B0094792E10CEABBF4D11724A9368D96F888240581A15D7A551754C1484F6B2ED1B963A73B686495C7952D9CB940021028D4F230B0B47D0794607D0F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe
                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):6603303
                                                                                                                                                                                                                                      Entropy (8bit):7.998286268473723
                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                      SSDEEP:196608:lW5b3PN+ZKdgBfnGb/3WMvUHEP7yzKC1KjNK13:lW5b3PN+ZXBer39vhPqKC1KM
                                                                                                                                                                                                                                      MD5:7D455BED57EF682D41108E13D45545CA
                                                                                                                                                                                                                                      SHA1:BF698B1DCE6F55790E20BC84DFCFCBBE30BEAC75
                                                                                                                                                                                                                                      SHA-256:40D1F1F023B6C38CEB27E8A179E75D6B2F9CC1C55BD9935B12B09FA83F8A7BDE
                                                                                                                                                                                                                                      SHA-512:A2B1D7432DA03D0404E4D9581D87438F892547EA4DAE21FE16689E8F074D55AD775BFE21CED70D02D14807456C69A6E098CD0FA2784502A3A0BE220FBC49B6BE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                      Entropy (8bit):0.20819306651720385
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:768:zUVzyfbWkFV5qly0UBWDkbSJVZp21mD0DMaL1eCbD5sugDjJdgPPTMSrLlH+:zUVCVFV5qlybXuz21mUn5shDjJ+3RH
                                                                                                                                                                                                                                      MD5:388BE81F628819E6647CA69D6FA29083
                                                                                                                                                                                                                                      SHA1:EAFB7F1A52E72DFE8DD5A9C3EDA4A561A2D06DC6
                                                                                                                                                                                                                                      SHA-256:5D157F5EE7FF12B512DCF81CCC08DDA0FC1A32B81059F7D4DA571ECB69A710EA
                                                                                                                                                                                                                                      SHA-512:894FA2A6458FA75221C53FD93F09D0A6B4EA7478BC3E4FE240843CE09FCFA97742C55DC0212A2A9086BDFA5B039A118A4584CD2E0DA4B1E98AE947DB41B6CA16
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                      Entropy (8bit):3.254162526001658
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:FkXRetoVGcn:+84Fn
                                                                                                                                                                                                                                      MD5:595C1A872CBFDE8616C2B5B0716C254E
                                                                                                                                                                                                                                      SHA1:3BE89D405FFB9BD5111C0B511E777983400159DE
                                                                                                                                                                                                                                      SHA-256:C65BF5084AE1C71D695BAA5E10CA3B5F1F31DA8173E4D52E1F95DDB8DADD61BB
                                                                                                                                                                                                                                      SHA-512:8DAE913D89EE799814DC87425DB4B14ECF8EC72FDE9EB210A636B0947CC864461479FA6167F9539B8E01B3F0096BA6588A46F1D5A7F1D717DC18E9FD8C55DB5E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:sdPC......................f.0.H.i-.....
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):45056
                                                                                                                                                                                                                                      Entropy (8bit):0.40014189446483467
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:TLz3blvGgOg53yS0lNvN2HLvKroyr0n4BmhltoVOq6Uwcc05fBGQwQ:TNxiSdLS0aVOlU1coB
                                                                                                                                                                                                                                      MD5:00AF4A50B4E83413600C40BE126B17B1
                                                                                                                                                                                                                                      SHA1:D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
                                                                                                                                                                                                                                      SHA-256:95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
                                                                                                                                                                                                                                      SHA-512:8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):524656
                                                                                                                                                                                                                                      Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Lsulf//:Lsc//
                                                                                                                                                                                                                                      MD5:1C4A1D08DCD27AD1E5D481D59D54424E
                                                                                                                                                                                                                                      SHA1:D93A81AE514557B05AD06FDE9FEC2B1B35B410BE
                                                                                                                                                                                                                                      SHA-256:9E8E332A3834BFE9BFC3A3182163BE31F777E8477B6FD226C51BE00D6A7454D5
                                                                                                                                                                                                                                      SHA-512:1CB93CEF25BB3C0C0022E9901B4AEEAAFD088A38AE1A0DCFA8DF0A5B930CE1159B6FB211145C8DE711A737FEB8DF70F1C11D89239CEB724838B68F332DFB38DD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:PqK0XAyEe+MSHn:yK0wDn
                                                                                                                                                                                                                                      MD5:F921CC2910AD0B9674BA88EB5AC9A845
                                                                                                                                                                                                                                      SHA1:C10751678C3742CF2FD72C2DE5F14E2B465F1D64
                                                                                                                                                                                                                                      SHA-256:2A3C14A4B6033AAA20878A4FD9E43304404C7BC8DE54F2CAA1D3834522E52ACC
                                                                                                                                                                                                                                      SHA-512:9778C74B5B41B6D4543F40F1D2C7AB0D52C072449988B1D284FF5D34933253BA4DDDBAED0B93828D1C00FCBB12E2A3203AD0384962127421E82373C27FB1C490
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:(.....oy retne..........................6../.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:PqK0XAyEe+MSHn:yK0wDn
                                                                                                                                                                                                                                      MD5:F921CC2910AD0B9674BA88EB5AC9A845
                                                                                                                                                                                                                                      SHA1:C10751678C3742CF2FD72C2DE5F14E2B465F1D64
                                                                                                                                                                                                                                      SHA-256:2A3C14A4B6033AAA20878A4FD9E43304404C7BC8DE54F2CAA1D3834522E52ACC
                                                                                                                                                                                                                                      SHA-512:9778C74B5B41B6D4543F40F1D2C7AB0D52C072449988B1D284FF5D34933253BA4DDDBAED0B93828D1C00FCBB12E2A3203AD0384962127421E82373C27FB1C490
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:(.....oy retne..........................6../.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Fk5dEUVLH:eYMLH
                                                                                                                                                                                                                                      MD5:DECD6589C1DE098D9B9F3DBB1C685AAC
                                                                                                                                                                                                                                      SHA1:603CA473CFAAE1CF8CFD3212D6EED88FF1D138E2
                                                                                                                                                                                                                                      SHA-256:EF9461E644B507CE69BC5DE74E436D1ACCE69C3C76EA5D86E0AECE8557ACB558
                                                                                                                                                                                                                                      SHA-512:413DEC1A7A7143C1148F39A96129B46152260EF6A96818DF48699F93EC0BE6B92ADF3BF8E9434ECB223714E13D8755C7298B680117A9DCBACA9060EBAAD8B947
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:(....Au.oy retne...........................6../.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:Fk5dEUVLH:eYMLH
                                                                                                                                                                                                                                      MD5:DECD6589C1DE098D9B9F3DBB1C685AAC
                                                                                                                                                                                                                                      SHA1:603CA473CFAAE1CF8CFD3212D6EED88FF1D138E2
                                                                                                                                                                                                                                      SHA-256:EF9461E644B507CE69BC5DE74E436D1ACCE69C3C76EA5D86E0AECE8557ACB558
                                                                                                                                                                                                                                      SHA-512:413DEC1A7A7143C1148F39A96129B46152260EF6A96818DF48699F93EC0BE6B92ADF3BF8E9434ECB223714E13D8755C7298B680117A9DCBACA9060EBAAD8B947
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:(....Au.oy retne...........................6../.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:LsNlRm+t:Ls3Rm+t
                                                                                                                                                                                                                                      MD5:A9361F4EB5BC71A76EACBD7C83B021BA
                                                                                                                                                                                                                                      SHA1:75DE072494A9D65CDC208B8436B5FE9285AB696F
                                                                                                                                                                                                                                      SHA-256:D2EB710B651F705AFEB86246828135DECD24B2AB2E90A2A27B5DB8FC56520FD3
                                                                                                                                                                                                                                      SHA-512:C35455F5E08B850097001353163DB223EC642FC54DDB6915FD13AC30F7BFE9781F0BE548153B000E05337BB22FB420931AA94829BA1672D4E5540F358AADAA54
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38
                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                                                      MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                                                      SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                                                      SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                                                      SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.f.5................f.5...............
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):267
                                                                                                                                                                                                                                      Entropy (8bit):5.2341629453201195
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:SEpDPXcCaVdg2KLlAEuJSVq29XcCaPrqIFUv:JXcqLKJOv9Xc53FUv
                                                                                                                                                                                                                                      MD5:298B2852723597A795289962D6F6CE8F
                                                                                                                                                                                                                                      SHA1:E3FD6FD46315B13D051D2C69070EA8DE1C8DDE67
                                                                                                                                                                                                                                      SHA-256:18E357F1250402BFDA9AF54B1F5128CAF1101098A7EA077F55C16CFAFC65D56B
                                                                                                                                                                                                                                      SHA-512:4CEF524E3AF350892AD5ADDED6BC87E86F3BE327A7D10AE1BD6AB12CDD99BA45961534A7CE2DE118F78122D594B63CADD89A4717755AB9170E3B6AA6B6234C18
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.581 f80 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules since it was missing..2024/10/23-09:33:28.854 f80 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):38
                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                                                      MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                                                      SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                                                      SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                                                      SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.f.5................f.5...............
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):271
                                                                                                                                                                                                                                      Entropy (8bit):5.230519730029068
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:SEBXRPXcC6FB2KLlAE0vwVq29XcC65IFUv:dXpXc5FFLgAv9Xc5WFUv
                                                                                                                                                                                                                                      MD5:598DB96DE60895F4478CE221820F2B35
                                                                                                                                                                                                                                      SHA1:A86129E04B365A487038CF214DBE1EA545AAE849
                                                                                                                                                                                                                                      SHA-256:FA309921A39250C408D1C7100DB231A9C740D833AB3E755DD8346AFD36649CB9
                                                                                                                                                                                                                                      SHA-512:E9F44897AF67BE65AC240124E634D792F87EEBDE779D71B6C1583B3FA7097627950118533BA149568A5FC8C72ACF25E8AF180375CCE4DD549626625A8D378702
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.855 f80 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts since it was missing..2024/10/23-09:33:28.865 f80 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):114
                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                                                                                                                                                                                                      MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                                                      SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                                                      SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                                                      SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):267
                                                                                                                                                                                                                                      Entropy (8bit):5.222441025593861
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:tRdIVuRVbVFD2bnF7YXV5EAOgVWVTADYet4JgaXKLP9vIVuRVDFDNcKKqFkf1XVX:SEfPXcCYg2KLlAEZDOq29XcCNIFUv
                                                                                                                                                                                                                                      MD5:ECB00BD125603C49F5145D3A46FF709C
                                                                                                                                                                                                                                      SHA1:071C23D1A70F655D964AE076A15327A2C7045703
                                                                                                                                                                                                                                      SHA-256:03568DC8E0C3C871297EC2980693276D6F509109A3B2CF8B5606937F440D54E0
                                                                                                                                                                                                                                      SHA-512:401BCA089AB9C1DE6ACE5A06849D9B6396CCCA160860D7D5E1B8E2E6CE40CDC6EF19144DBB559D59C1C2A0258285F101E900CEFC6171444717707407802723CC
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.886 d20 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State since it was missing..2024/10/23-09:33:28.895 d20 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                      Entropy (8bit):0.6975083372685086
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                                                                                                                                                                                                      MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                                                                                                                      SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                                                                                                                      SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                                                                                                                      SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:LsNl7emKlt:Ls3aN
                                                                                                                                                                                                                                      MD5:C51CC896B48FE835D11A0DD710B48383
                                                                                                                                                                                                                                      SHA1:9FD16761580704549149E9CE3461DB89EE0F1AA8
                                                                                                                                                                                                                                      SHA-256:E0624933908358B9A14BF548BCC16A128C9D26FCCDE87AA852EBAA067A5CFA77
                                                                                                                                                                                                                                      SHA-512:8E3D306E84247E7ABE7D82F6B3D5C112A28D244291AD8AF23332D1FBBEB1EEEA02F5641DA269710C9C7EA81133C137C0167023D7B288934623E4137966E5EE3B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):159744
                                                                                                                                                                                                                                      Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                      MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                      SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                      SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                      SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41552
                                                                                                                                                                                                                                      Entropy (8bit):0.025822557395076905
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:/lIFEBlsxl5/vlWxl/lIXBl5l2xl1pl+r:/l8PYxJGBP8xtEr
                                                                                                                                                                                                                                      MD5:0B83C5E90C1F34DF5C7F9D3BD2C4FC19
                                                                                                                                                                                                                                      SHA1:5531FDA693B65CAAC16834597EF137CCBEB4EAB1
                                                                                                                                                                                                                                      SHA-256:557BE1088FAC58C19D1EFF811293F2F4FF66023743378213530000459EC95244
                                                                                                                                                                                                                                      SHA-512:B2870E1175AE2A28B9E22AA2B512F57B1AAF835CFB09EBB51F24146FCB083EA5FF4358135979181FDB231DA85005124A8DBD18AECC0352605789B92ED5837778
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):281
                                                                                                                                                                                                                                      Entropy (8bit):5.338197750471942
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:SfRPXc6a2jM8B2KLlAD3Vq29Xc6a2jMGIFUv:SXc6jFLs3Vv9Xc6EFUv
                                                                                                                                                                                                                                      MD5:A011A42C4195EAE70A373069F5DF9D14
                                                                                                                                                                                                                                      SHA1:0DB545E9EDD122B2E98EE0A7A6BB760752575B57
                                                                                                                                                                                                                                      SHA-256:BF5E20708FD24C31EB00D425E2477BC5D99A5689D4A331893E0D00267BCF9112
                                                                                                                                                                                                                                      SHA-512:180BF865EC452446D1AE2CB96E39C004EC34E2AAA29974A9CE9074B3042BB893AC969D439463F77EABACE79E9CE2DA71EAE552914CE787C1B83B5189BFB8B888
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:29.144 1680 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb since it was missing..2024/10/23-09:33:29.170 1680 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                      Entropy (8bit):0.3237637357343357
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:l9bNFlEuWk8T/l5qKZwkvAngLusiOImWtz0vlWmW8QeZa5qguxtqlyup6YZ75fOV:TLiuWkYl0KONFxOUwa5qguWfpbZ75fOV
                                                                                                                                                                                                                                      MD5:3EF849ABC9E84C1D19566A9128442C47
                                                                                                                                                                                                                                      SHA1:E9C70A5823A7A46330A18D51A4413ECFDAF10753
                                                                                                                                                                                                                                      SHA-256:301CD0F39EB7BBFA37303A5D482614B67A78979F5D761520EDFB16C4BA77EE92
                                                                                                                                                                                                                                      SHA-512:DFD248A745C1960BFB792FC59F90724DD937D5D431F28E1F6CCBC0F55E551B0818408AD353B88DC83439AF2D7B249C9576B1F1F66838B59865EA9F5644CC9EBF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                      Entropy (8bit):0.28499812076190567
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:7FEG2l/yhklFll:7+/l/y
                                                                                                                                                                                                                                      MD5:046F00CD1CABBACB13BFD9C20A7DF92B
                                                                                                                                                                                                                                      SHA1:97B8F476B568AD7D362446D0220ED9F684C04932
                                                                                                                                                                                                                                      SHA-256:D50DD01CB94E1C70635537A6CB5DCADD345C15833FF3B80A89F9E473D1A3F08C
                                                                                                                                                                                                                                      SHA-512:673EA2517149A21DEBFACF7DEC089431D43CB6B8D15089EEC625BFDEEFC58B5B7E515312B55AB36AAEA635B9B79D2C3D6E185830CCEBCF9602636409C6F00CCD
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                      Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                      Process:C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):713
                                                                                                                                                                                                                                      Entropy (8bit):4.526330721845736
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{"alternate_error_pages":{"enabled":false},"autofill":{"enabled":false},"browser":{"check_default_browser":false},"distribution":{"import_bookmarks":false,"import_history":false,"import_search_user":false,"make_chrome_default_for_user":false,"skip_first_run_ui":true},"dns_prefetching":{"enabled":false},"profile":{"content_settings":{"pattern_pairs":{"https://*,*":{"media-stream":{"audio":"Default","video":"Default"}}}},"default_content_setting_values":{"geolocation":1},"default_content_settings":{"geolocation":1,"mouselock":1,"notifications":1,"popups":1,"ppapi-broker":1},"password_manager_enabled":false},"safebrowsing":{"enabled":false},"search":{"suggest_enabled":false},"translate":{"enabled":false}}
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):61
                                                                                                                                                                                                                                      Entropy (8bit):3.7273991737283296
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f...............
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):267
                                                                                                                                                                                                                                      Entropy (8bit):5.23990338543794
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:29.011 be8 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage since it was missing..2024/10/23-09:33:29.179 be8 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                      Entropy (8bit):3.473726825238924
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.On.!................database_metadata.1
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):297
                                                                                                                                                                                                                                      Entropy (8bit):5.2412599714331005
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.571 1834 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database since it was missing..2024/10/23-09:33:28.626 1834 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):46
                                                                                                                                                                                                                                      Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                                                      MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                                      SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                                      SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                                      SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):273
                                                                                                                                                                                                                                      Entropy (8bit):5.343246671863681
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:tRdIVuRVlRM2bnF7YXV5EAOgVWVTADOppEdAxaXKLP9vIVuRV6USGSDKKqFkf1X4:SEzMPXcXx2KLlAE6USGOq29Xc3IFUv
                                                                                                                                                                                                                                      MD5:5997007BCF7EC5CEBA2FD899082267DA
                                                                                                                                                                                                                                      SHA1:D8F77120FFD1BD73A0578D8362466D6410C7605A
                                                                                                                                                                                                                                      SHA-256:BE1DA2FCB35F65767B8230BDEAEE1C1CBD66AC64DF491703F80D91992BBAE048
                                                                                                                                                                                                                                      SHA-512:877A9916B08698C718C31ADB1347501620B06602D8A2AA376804FEDCA08FE265BFE9F89F69FA9CE4506C9597F9AF52E3C2241793BFA54BEA20B9B0C385CAD2A4
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.561 17c4 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB since it was missing..2024/10/23-09:33:28.601 17c4 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                      Entropy (8bit):0.375597039055199
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSbdccog2PccogL:TLiwCZwE8I6Uwcco5fBr2hL
                                                                                                                                                                                                                                      MD5:8C7D45D642EABC72A37E8C4D1ABAD65E
                                                                                                                                                                                                                                      SHA1:BFFA29FD9A30F53336F987FEC4CDF0788ABE20C1
                                                                                                                                                                                                                                      SHA-256:270E8A34810ED611D970F37CF72528AAF45456718F50D4077889637374685A84
                                                                                                                                                                                                                                      SHA-512:28C2BF727A15D11DBEC3C54CF1A7CCAF1ED59C4DC52914D73DF93E5F496C267922AA866B99F06BA295EC7C75084EA6632C0E2C2CDB0474281559EC152A670407
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                                                                                      Entropy (8bit):0.0033616753448762224
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:ImtVusotc6bml:IiVus4cT
                                                                                                                                                                                                                                      MD5:0DC1349B178882ECB7404EC361FDD556
                                                                                                                                                                                                                                      SHA1:C621FE36923816500CFAF878F7870E94ACCB01B6
                                                                                                                                                                                                                                      SHA-256:A147DB5C5643CA2A1E5E7065E0A4A6CDD7AA3990AEE24BF07CA7D30C9236EDB4
                                                                                                                                                                                                                                      SHA-512:712A37F973AB7B2856A0CF8BF99BC9588BD737E1065F2A6E5D960BE332DCC06344CAC69D62C42D759830C121496BA19C3DDECF59509CF6065AA53C62F36BDC76
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:VLnk.....?.........j..{
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 50, cookie 0x21, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):102400
                                                                                                                                                                                                                                      Entropy (8bit):0.8885298770451314
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:96:zWTbBEF3ZmYLbGsQzUsXmT7tKhzLWTge6WbTpHwnNbK+0Lqlp+eFGcUMegfkMPtM:zWTbqVZTnGtgTgabTanQeZVu
                                                                                                                                                                                                                                      MD5:C5CEE4514E650C407AA6F90548EC992C
                                                                                                                                                                                                                                      SHA1:7EDDE1795120AAE712675AD75F7472B007CBEF37
                                                                                                                                                                                                                                      SHA-256:DBF955AEE29B4AB8ABCAEC45CA200FA37BA2534C7A57C3AEA031044938E32411
                                                                                                                                                                                                                                      SHA-512:C6792D3E2FA5B53BE5FC9B393165B169D650DFA7B80C183F6D70537A8B1BA5B2964E1F49CC671C508CB4EDF804A9D4F05AA53D18C5FFAE754CA6C4D0267DF663
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......2...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):269
                                                                                                                                                                                                                                      Entropy (8bit):5.280038644099168
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:SEcP+qPXc5rl2KLlAEdpHN+q29Xc5rK+IFUv:QP+aXcLLxpHIv9Xc03FUv
                                                                                                                                                                                                                                      MD5:103D2BDFD0F95CD94AB76F710C1C8557
                                                                                                                                                                                                                                      SHA1:0B3E44E23658A56244202C0F16533BC182DE4E62
                                                                                                                                                                                                                                      SHA-256:7FC2B1737F51721E05205960C9B1A3D78354127327FDE5067263258EC345D163
                                                                                                                                                                                                                                      SHA-512:688E33287676C32781344ADD42DF12DFF18300EB66821125CEF05280214F09F14E88502E94D1FF94F111B0FDDF0DFB088E064BAC1E426772F47CCEF3B1DA0BFA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.849 1a88 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db since it was missing..2024/10/23-09:33:28.949 1a88 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):184
                                                                                                                                                                                                                                      Entropy (8bit):3.7132512531707595
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:G0XttkJcsRwI9tkJcscml9t3moBNJ4XlfmoUQjJpl/tfmy6hX9l82z8//fmy6hXG:G0Xtqcsqc9Ct3msNJ4mwXl/1mph9l82K
                                                                                                                                                                                                                                      MD5:C748B7B7198094B72825009FD5111C41
                                                                                                                                                                                                                                      SHA1:56C17B3073F137CBDF65A29EC669AC1B077DBBB3
                                                                                                                                                                                                                                      SHA-256:2A96F6220C07E39029355F71F94ECCDB0F248FC7562B9A2DBBE10DAE15F79FF6
                                                                                                                                                                                                                                      SHA-512:D91F0752BBA75D78DB2C461564EC8EEBF6A04EAA5827F3156352581C9C8E27DEA167000518FCACDA90281DAA5B8D413027AE52149BD39FD4D74CEC9172AAD6E9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_.........................41_.....,....................41_.....
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):287
                                                                                                                                                                                                                                      Entropy (8bit):5.240651861020452
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:SEHdcqPXc5rzs52KLlAECkFN+q29Xc5rzAdIFUv:KaXcq9LuVv9XcnFUv
                                                                                                                                                                                                                                      MD5:394FA1C1409446551D99CB2AFFDB9FC8
                                                                                                                                                                                                                                      SHA1:E877D68505006E8FBDC2DD4AE502E5DAE57575A5
                                                                                                                                                                                                                                      SHA-256:7763A0CD0600AFB78E0ED35D6EC9C1CA7B2016E72FCC651959A87859E6B9DBD3
                                                                                                                                                                                                                                      SHA-512:5CABD5B0E6A914C9FFEE45513FE19943E8C2F884B8C3EF4D9DC6A09A3CA3029BC802C67F936E75B6B570D0DFE4ABEE8817F1ACFE7B340CBB4A934C2B16F1E3C2
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:2024/10/23-09:33:28.835 1a88 Creating DB C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata since it was missing..2024/10/23-09:33:28.846 1a88 Reusing MANIFEST C:\Windows\SystemTemp\scoped_dir5588_1830855051\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                      Entropy (8bit):4.389631221614228
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:zRytSuyD3UJLCd2Hn:zot5g3UJLeg
                                                                                                                                                                                                                                      MD5:408C2C6B6D9057608DB00C5B9DBDC50E
                                                                                                                                                                                                                                      SHA1:2A941472987D59E3BA61A593D94F79AA42EFFE6B
                                                                                                                                                                                                                                      SHA-256:EE121E5C02024B3F7A1AB2674A7E89AAF898F481FAAD02F68A89265732E07E5B
                                                                                                                                                                                                                                      SHA-512:4FCB3B3BFF7EF72E73BDFCC14C11B3B49E17C8FC990E3E0644C96D7E831C4A2875F38275C89437BB11DD242E16F873B8431510A898A977714D5CF09A92F5FD59
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:49814./devtools/browser/e6402da8-119b-4155-8fed-efc083ae4aeb
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:LsNlMIUX:Ls3MR
                                                                                                                                                                                                                                      MD5:04EB8A3BFA8A4F7E0EEA44445E5C8C50
                                                                                                                                                                                                                                      SHA1:CC26A172B1738F9117444604E937BFDC3852CD01
                                                                                                                                                                                                                                      SHA-256:4DCE4E89F67DE2798612854E8B350CE8C798447DB05B4852C8292CD36E16FDBE
                                                                                                                                                                                                                                      SHA-512:3EC6E3C16C9D92A35BD8D813474B869D3BA6ED0FEB30611975CBB6B6AD36DBD79F11F63487531FB5A837EA1FB5BB78674DED15254DAFBC11F138E54F4E53D274
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:LsNlxAHt:Ls32N
                                                                                                                                                                                                                                      MD5:C916A622C12731BAAFCC43B36899790A
                                                                                                                                                                                                                                      SHA1:A9E21DB032CAFF18DE07E4CB43E53E18F772158A
                                                                                                                                                                                                                                      SHA-256:00A9081325D70782FA1A0FD740D21C90C51BAF702B600AA512CB7B318714F47D
                                                                                                                                                                                                                                      SHA-512:331900865C42ABFD2F4E6204A4685EA8747C647F74B11530B9CA0FAECBA8D75539E30FF039294A72D38E6C4A01AE0245E01140A786EC95AD4DDEABAA053553DA
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):14
                                                                                                                                                                                                                                      Entropy (8bit):2.9852281360342525
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:NYLYdR:auR
                                                                                                                                                                                                                                      MD5:CFF0A1C786FFD0ED820350C5AE8A9E3A
                                                                                                                                                                                                                                      SHA1:F1C65FEE9601D6C4451B4C1EE3F165DC83C5211B
                                                                                                                                                                                                                                      SHA-256:3F203968EAB70F6FCEEBED6DFBA8F57332FE48CC665206F0756AB54F8432BC52
                                                                                                                                                                                                                                      SHA-512:8612C4A2E2455480212F5B0ABF6F2BE6429C4FE8879D70090DC478CF355453D4B7E219F3E73BF48C1BFD3C73B55F55F5004293AC9D783FED4D0493B43A8F901A
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:117.0.5938.134
                                                                                                                                                                                                                                      Process:C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):78
                                                                                                                                                                                                                                      Entropy (8bit):4.258641931817481
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:YHWcxlwCfr2t26yyWrCf6Y:Y2PCfr2A7yWrCfz
                                                                                                                                                                                                                                      MD5:8B61E917846FFA930E0CB308C1F1A026
                                                                                                                                                                                                                                      SHA1:3D9E507A7A41E36A1C25659AD72A448368134FAD
                                                                                                                                                                                                                                      SHA-256:BFE95ECD1FF945712F2697925858B4A50834F6B96D90AB230B448317FC602AEB
                                                                                                                                                                                                                                      SHA-512:244CEEF0649F72C7371C96667CC829BFBF6C853D173D89A3F206B3384CA95F48F5D5A4DEFEC7897D84A876336942308A9D3357DB3FF56CB80C6D9AA1CE5B5FE9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{"background_mode":{"enabled":false},"ssl":{"rev_checking":{"enabled":false}}}
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):78
                                                                                                                                                                                                                                      Entropy (8bit):4.258641931817481
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:YHWcxlwCfr2t26yyWrCf6Y:Y2PCfr2A7yWrCfz
                                                                                                                                                                                                                                      MD5:8B61E917846FFA930E0CB308C1F1A026
                                                                                                                                                                                                                                      SHA1:3D9E507A7A41E36A1C25659AD72A448368134FAD
                                                                                                                                                                                                                                      SHA-256:BFE95ECD1FF945712F2697925858B4A50834F6B96D90AB230B448317FC602AEB
                                                                                                                                                                                                                                      SHA-512:244CEEF0649F72C7371C96667CC829BFBF6C853D173D89A3F206B3384CA95F48F5D5A4DEFEC7897D84A876336942308A9D3357DB3FF56CB80C6D9AA1CE5B5FE9
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{"background_mode":{"enabled":false},"ssl":{"rev_checking":{"enabled":false}}}
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:LsNlwVKll/:Ls33ll/
                                                                                                                                                                                                                                      MD5:AFE804CA71F38351F5188EDB6D3457DC
                                                                                                                                                                                                                                      SHA1:A6B68DA88B04C0ABCA58406A86D87D663F509DD8
                                                                                                                                                                                                                                      SHA-256:E915B9F1604802578E8B715629D917C6AC5D2B847DBA9F41408FBE5B04E6938C
                                                                                                                                                                                                                                      SHA-512:1BEBE021294A1E2F6BB32B23A9604DA40D5D6558588AEE0D0575620FDD97B5FA1D1A875F52FC122BCB518FE45D0FFE5D7DA6E63BA79C56C8B9A06E1E7CD54C09
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):86
                                                                                                                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                                                      MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                                      SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                                      SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                                      SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):495
                                                                                                                                                                                                                                      Entropy (8bit):5.188361801809695
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:12:oXXzUFBs54TLHDXgB+9EoKlxqFeXgB+9EoKl9N:onz0Bs54TLH7gId9F2gIdC
                                                                                                                                                                                                                                      MD5:A05C98EA80516114C6E44115DB7F766B
                                                                                                                                                                                                                                      SHA1:358C670CA1E4813268317341591806425E68360E
                                                                                                                                                                                                                                      SHA-256:DFE05704EFF1EA6897DD634D2AC74C858A5B79036145AF4778935506CF8D48B6
                                                                                                                                                                                                                                      SHA-512:34BF879DE24BC991FF10A7AF7C8E63E06CE8320EC426D025336E047C60216DDA584FC6D23D361CC1543781C22ED915B841923C5DCB39F91DD6279743E029328F
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[2168:2488:1023/093328.441:WARNING:chrome_main_delegate.cc(609)] This is Chrome version 117.0.5938.134 (not a warning).[2168:2488:1023/093328.535:INFO:policy_logger.cc(142)] :components\enterprise\browser\controller\chrome_browser_cloud_management_controller.cc(168) Starting CBCM Controller Initialization.[2168:2488:1023/093328.535:INFO:policy_logger.cc(142)] :components\enterprise\browser\controller\chrome_browser_cloud_management_controller.cc(196) No machine level policy manager exists..
                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):821
                                                                                                                                                                                                                                      Entropy (8bit):5.730175477633325
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:24:YL7u5rrt4Ar/xXtNVn3dGfpU/OWxJfnBMf2DFXCYQwCung:Yafbr/xh3dGU/OW//BMuDFy9bug
                                                                                                                                                                                                                                      MD5:C594F2D0866810111B2146B78876839C
                                                                                                                                                                                                                                      SHA1:B9B15E47320683FBE49DDF07A83723ED1C837A56
                                                                                                                                                                                                                                      SHA-256:049D403CEDED2BE86E9B9D989B6264840F6DB34232506A41F6002CF7F954E2CC
                                                                                                                                                                                                                                      SHA-512:FBAA9108B721962F13F296F8A4266ECB73C6F5AA895DFF5123131F7DD4DE9CA3BED04CCCF4B3F631F6606AE45F0237ECB27176691078562EEA09933750205711
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):68
                                                                                                                                                                                                                                      Entropy (8bit):4.393955260425758
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:3:vJFjlJABFReNmI4S2UUAuF5QEyn:zUMmI4S2UP3
                                                                                                                                                                                                                                      MD5:AF2070C328E4E1DE0E281379818384D3
                                                                                                                                                                                                                                      SHA1:14782AE16195FA9E1DDC9BCE7F87BF3F2D40B349
                                                                                                                                                                                                                                      SHA-256:3C9CDD704A0CF50BFCA910BF48477E838A95356BD54E5C8ACAB7EDCC0FC0361A
                                                                                                                                                                                                                                      SHA-512:A10256C01E9D0A8362BC5B32E25A3D4EFBBE1B0DB9B8CAC0B98CDD7ABC0D68C67D5AF3357FC319CE7BB0ECF55A6AAC83E3AEBE7DBEBC173E3A99D03F1FF7B4D5
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:[5632] Failed to execute script 'main' due to unhandled exception!..
                                                                                                                                                                                                                                      Process:C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe
                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                      Size (bytes):318
                                                                                                                                                                                                                                      Entropy (8bit):5.0812079038317135
                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                      SSDEEP:6:j8NaGszhf+4t7UkCTvz/CZqEqz9+hOVYIa9hECr+IIKVGLv8xwECAZ2AGN8e:j8NEhfxUprz/CZ/qz9+h9IchHVMv8RC9
                                                                                                                                                                                                                                      MD5:88D25D0467AC1AA7F946EA1E0B16D6D7
                                                                                                                                                                                                                                      SHA1:59021BC8B629ADC4044E8D2F94ADDFAFD8C622DC
                                                                                                                                                                                                                                      SHA-256:5E986FEB741C639380F7E25B8AAFC324F56C057D5EA7F870EEF3C27D9FF200DE
                                                                                                                                                                                                                                      SHA-512:F9F83157538620DFFB0F02E0311D4FDDFF15D3264FEBE19A67B039FAF7FB0BEC8C88405C147790FD6A26372100A675E2225A7E8D39DA87E9AA8D4B3617E445D0
                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                      Preview:Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 49712..Only local connections are allowed...Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe...ChromeDriver was started successfully...
                                                                                                                                                                                                                                      File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                      Entropy (8bit):7.995161709990041
                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                      • Win64 Executable Console (202006/5) 77.37%
                                                                                                                                                                                                                                      • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                                      File name:file.exe
                                                                                                                                                                                                                                      File size:12'439'130 bytes
                                                                                                                                                                                                                                      MD5:2e25791fd09060fec2d4650c9872056b
                                                                                                                                                                                                                                      SHA1:fb478cf8b83a4c59c8387705eab080e890d45aa9
                                                                                                                                                                                                                                      SHA256:5e710e7f5f14a4e4fbc0b8a2d2845742f3272b38437d7789e53327ec34e7bd25
                                                                                                                                                                                                                                      SHA512:c03fda23ba3176da141eec4f0f4dfd62832aff2d67785246735311b5a5f9c6936b8141447ea61cffad6889f1c95bdbebfad49589350165d57e70fdb388224843
                                                                                                                                                                                                                                      SSDEEP:196608:sosFymvdsBcs4njQthsiHzy7kZCCQHZcuZeaTB3ukzVm8AbrHoOXLPmxrMiFenEd:EnvaBcNnKhs57R59sw3n48A4oLKMiFeg
                                                                                                                                                                                                                                      TLSH:F4C63380F2A019EEE53B417D4926C524CEB67C754752855B83F8973B7F833E2AD3A680
                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................1.............-.............................................H.......H.......Rich...................
                                                                                                                                                                                                                                      Icon Hash:2e1e7c4c4c61e979
                                                                                                                                                                                                                                      Entrypoint:0x14000a6a0
                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                                      Subsystem:windows cui
                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                      Time Stamp:0x64862FBE [Sun Jun 11 20:34:06 2023 UTC]
                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                      OS Version Minor:2
                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                      File Version Minor:2
                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                      Subsystem Version Minor:2
                                                                                                                                                                                                                                      Import Hash:ba5546933531fafa869b1f86a4e2a959
                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                                                      call 00007F293087AECCh
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                                      jmp 00007F293087AACFh
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                                                      call 00007F293087B414h
                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                      je 00007F293087AC83h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                      jmp 00007F293087AC67h
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      cmp ecx, eax
                                                                                                                                                                                                                                      je 00007F293087AC76h
                                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      cmpxchg dword ptr [00041E8Ch], ecx
                                                                                                                                                                                                                                      jne 00007F293087AC50h
                                                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                                                      jmp 00007F293087AC59h
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      inc eax
                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 20h
                                                                                                                                                                                                                                      movzx eax, byte ptr [00041E77h]
                                                                                                                                                                                                                                      test ecx, ecx
                                                                                                                                                                                                                                      mov ebx, 00000001h
                                                                                                                                                                                                                                      cmove eax, ebx
                                                                                                                                                                                                                                      mov byte ptr [00041E67h], al
                                                                                                                                                                                                                                      call 00007F293087B213h
                                                                                                                                                                                                                                      call 00007F293087C342h
                                                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                                                      jne 00007F293087AC66h
                                                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                                                      jmp 00007F293087AC76h
                                                                                                                                                                                                                                      call 00007F2930889721h
                                                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                                                      jne 00007F293087AC6Bh
                                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                                      call 00007F293087C352h
                                                                                                                                                                                                                                      jmp 00007F293087AC4Ch
                                                                                                                                                                                                                                      mov al, bl
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      add esp, 20h
                                                                                                                                                                                                                                      pop ebx
                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                      inc eax
                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                      sub esp, 20h
                                                                                                                                                                                                                                      cmp byte ptr [00041E2Ch], 00000000h
                                                                                                                                                                                                                                      mov ebx, ecx
                                                                                                                                                                                                                                      jne 00007F293087ACC9h
                                                                                                                                                                                                                                      cmp ecx, 01h
                                                                                                                                                                                                                                      jnbe 00007F293087ACCCh
                                                                                                                                                                                                                                      call 00007F293087B37Ah
                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                      je 00007F293087AC8Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bb94 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xf008 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20e8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39350 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39210 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28890 | 0x28a00 | 7c71956ea75242f33df45f4d2c19a4d8 | False | 0.5562019230769231 | zlib compressed data | 6.489977853279916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x1271a | 0x12800 | 2f3112adafa7849583c91b2e243c0c2b | False | 0.515941722972973 | data | 5.846275981119128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | 9bd2cebaa3285e8e266c4c373a15119d | False | 0.13337053571428573 | DOS executable (block device driver \377\3) | 1.808915577448681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20e8 | 0x2200 | f2a57235499cb8c84daf2de6f18a85eb | False | 0.4756433823529412 | data | 5.330974160786823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | 32c20bb907888de565d4d8836d097016 | False | 0.392578125 | data | 2.795351059303424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0xf008 | 0xf200 | a6e06e42ca591f2b18bf1999b2fb04a0 | False | 0.795051007231405 | data | 7.356245303547818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x62000 | 0x75c | 0x800 | b7279c82d58eeae8dc663879402c6f2e | False | 0.54296875 | data | 5.238892234772638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x52208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371
RT_ICON | 0x530b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116
RT_ICON | 0x53958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953
RT_ICON | 0x53ec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983
RT_ICON | 0x5cf5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397
RT_ICON | 0x5f504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107
RT_ICON | 0x605ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383
RT_GROUP_ICON | 0x60a14 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x60a7c | 0x589 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4453069865913903
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, WriteConsoleW, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, FreeLibrary, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, SetEndOfFile
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 23, 2024 15:33:30.250884056 CEST | 53 | 52900 | 1.1.1.1 | 192.168.2.6


                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                      Start time:09:33:04
                                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                      Imagebase:0x7ff6dcd90000
                                                                                                                                                                                                                                      File size:12'439'130 bytes
                                                                                                                                                                                                                                      MD5 hash:2E25791FD09060FEC2D4650C9872056B
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                      Start time:09:33:04
                                                                                                                                                                                                                                      Start date:23/10/2024
                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                      Has exited:true

Target ID:3
Start time:09:33:06
Start date:23/10/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x7ff6dcd90000
File size:12'439'130 bytes
MD5 hash:2E25791FD09060FEC2D4650C9872056B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:6
Start time:09:33:07
Start date:23/10/2024
Path:C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\_MEI13642\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --output json
Imagebase:0x9b0000
File size:3'172'864 bytes
MD5 hash:B97E5ECDFD825A3A31183927E23E0199
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Rust
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:7
Start time:09:33:07
Start date:23/10/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"cmd" /v/c "wmic os get osarchitecture"
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:09:33:07
Start date:23/10/2024
Path:C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):true
Commandline:wmic os get osarchitecture
Imagebase:0x280000
File size:427'008 bytes
MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:09:33:10
Start date:23/10/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"cmd" /v/c "set PFILES=%PROGRAMFILES: (x86)=%&& wmic datafile where name='!PFILES:\=\\!\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:09:33:10
Start date:23/10/2024
Path:C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit):true
Commandline:wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
Imagebase:0x280000
File size:427'008 bytes
MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:09:33:16
Start date:23/10/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"cmd" /v/c "chromedriver --version"
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:09:33:27
Start date:23/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "ver"
Imagebase:0x7ff733720000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:09:33:27
Start date:23/10/2024
Path:C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\.cache\selenium\chromedriver\win32\114.0.5735.90\chromedriver.exe --port=49712
Imagebase:0xba0000
File size:12'273'664 bytes
MD5 hash:11DA4A5176071F39DE7F81464E4B40BD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:15
Start time:09:33:28
Start date:23/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" data:,
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:09:33:28
Start date:23/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Windows\SystemTemp\scoped_dir5588_1830855051" --enable-logging --log-level=0 --mojo-platform-channel-handle=2084 --field-trial-handle=2036,i,13163750102934017534,8503344207815821219,262144 /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:12.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:15.2%
Total number of Nodes:2000
Total number of Limit Nodes:49
16797 7ff6dcda6088 _set_fmode 11 API calls 16795->16797 16798 7ff6dcd9f360 16796->16798 16802 7ff6dcd9f39d 16796->16802 16799 7ff6dcd9f346 16797->16799 16800 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 16798->16800 16801 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 16799->16801 16808 7ff6dcd9f351 16800->16808 16801->16808 16803 7ff6dcd9f446 16802->16803 16804 7ff6dcda6088 _set_fmode 11 API calls 16802->16804 16805 7ff6dcda6088 _set_fmode 11 API calls 16803->16805 16803->16808 16806 7ff6dcd9f43b 16804->16806 16807 7ff6dcd9f4f0 16805->16807 16809 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 16806->16809 16810 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 16807->16810 16808->16613 16809->16803 16810->16808 16812 7ff6dcda386f 16811->16812 16813 7ff6dcdaccd9 16811->16813 16815 7ff6dcdacd2c 16812->16815 16813->16812 16814 7ff6dcdb24a4 45 API calls 16813->16814 16814->16812 16816 7ff6dcdacd45 16815->16816 16817 7ff6dcda387f 16815->16817 16816->16817 16818 7ff6dcdb1810 45 API calls 16816->16818 16817->16613 16818->16817 16820 7ff6dcda3b86 16819->16820 16821 7ff6dcda3bbe 16820->16821 16822 7ff6dcda3bf1 16820->16822 16823 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 16821->16823 16826 7ff6dcd9f140 16822->16826 16825 7ff6dcda3be7 16823->16825 16825->16602 16833 7ff6dcda438c EnterCriticalSection 16826->16833 16841 7ff6dcda438c EnterCriticalSection 16834->16841 16843 7ff6dcd91d00 86 API calls 16842->16843 16844 7ff6dcd91c37 16843->16844 16847 7ff6dcda44e0 16844->16847 16848 7ff6dcda450b 16847->16848 16851 7ff6dcda43a4 16848->16851 16864 7ff6dcda6d50 EnterCriticalSection 16851->16864 16866 7ff6dcd92cdc GetModuleFileNameW 16865->16866 16866->16241 16866->16242 16868 7ff6dcd96f52 WideCharToMultiByte 16867->16868 16869 7ff6dcd96ee4 WideCharToMultiByte 16867->16869 16871 7ff6dcd96f7f 16868->16871 16875 7ff6dcd92d35 16868->16875 16870 7ff6dcd96f0e 16869->16870 16874 7ff6dcd96f25 16869->16874 16873 7ff6dcd91cb0 86 API calls 16870->16873 16872 
7ff6dcd91cb0 86 API calls 16871->16872 16872->16875 16873->16875 16874->16868 16876 7ff6dcd96f3b 16874->16876 16875->16245 16875->16248 16877 7ff6dcd91cb0 86 API calls 16876->16877 16877->16875 16879 7ff6dcda9283 16878->16879 16882 7ff6dcd95b6e 16878->16882 16880 7ff6dcda930c __std_exception_copy 37 API calls 16879->16880 16879->16882 16881 7ff6dcda92b0 16880->16881 16881->16882 16883 7ff6dcda9f30 _wfindfirst32i64 17 API calls 16881->16883 16882->16266 16884 7ff6dcda92e0 16883->16884 16886 7ff6dcd917e4 16885->16886 16887 7ff6dcd917d4 16885->16887 16889 7ff6dcd96360 83 API calls 16886->16889 16917 7ff6dcd91842 16886->16917 16888 7ff6dcd92de0 120 API calls 16887->16888 16888->16886 16890 7ff6dcd91815 16889->16890 16890->16917 16919 7ff6dcd9ec94 16890->16919 16892 7ff6dcd9a100 _wfindfirst32i64 8 API calls 16894 7ff6dcd919c0 16892->16894 16893 7ff6dcd9182b 16895 7ff6dcd9182f 16893->16895 16896 7ff6dcd9184c 16893->16896 16894->16281 16894->16282 16898 7ff6dcd91c10 86 API calls 16895->16898 16923 7ff6dcd9e95c 16896->16923 16898->16917 16900 7ff6dcd91867 16902 7ff6dcd91c10 86 API calls 16900->16902 16901 7ff6dcd9ec94 73 API calls 16903 7ff6dcd918d1 16901->16903 16902->16917 16904 7ff6dcd918fe 16903->16904 16905 7ff6dcd918e3 16903->16905 16906 7ff6dcd9e95c _fread_nolock 53 API calls 16904->16906 16907 7ff6dcd91c10 86 API calls 16905->16907 16908 7ff6dcd91913 16906->16908 16907->16917 16908->16900 16909 7ff6dcd91925 16908->16909 16926 7ff6dcd9e6d0 16909->16926 16912 7ff6dcd9193d 16913 7ff6dcd91c50 86 API calls 16912->16913 16913->16917 16914 7ff6dcd91993 16915 7ff6dcd9e60c 74 API calls 16914->16915 16914->16917 16915->16917 16916 7ff6dcd91950 16916->16914 16918 7ff6dcd91c50 86 API calls 16916->16918 16917->16892 16918->16914 16920 7ff6dcd9ecc4 16919->16920 16932 7ff6dcd9ea24 16920->16932 16922 7ff6dcd9ecdd 16922->16893 16944 7ff6dcd9e97c 16923->16944 16927 7ff6dcd9e6d9 16926->16927 16928 7ff6dcd91939 16926->16928 16929 7ff6dcda6088 _set_fmode 11 API calls 16927->16929 
16928->16912 16928->16916 16930 7ff6dcd9e6de 16929->16930 16931 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 16930->16931 16931->16928 16933 7ff6dcd9ea8e 16932->16933 16934 7ff6dcd9ea4e 16932->16934 16933->16934 16936 7ff6dcd9ea9a 16933->16936 16935 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 16934->16935 16937 7ff6dcd9ea75 16935->16937 16943 7ff6dcda438c EnterCriticalSection 16936->16943 16937->16922 16945 7ff6dcd9e9a6 16944->16945 16956 7ff6dcd91861 16944->16956 16946 7ff6dcd9e9f2 16945->16946 16947 7ff6dcd9e9b5 memcpy_s 16945->16947 16945->16956 16957 7ff6dcda438c EnterCriticalSection 16946->16957 16949 7ff6dcda6088 _set_fmode 11 API calls 16947->16949 16951 7ff6dcd9e9ca 16949->16951 16953 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 16951->16953 16953->16956 16956->16900 16956->16901 17051 7ff6dcd95880 16958->17051 16960 7ff6dcd91454 16961 7ff6dcd91459 16960->16961 17060 7ff6dcd95ba0 16960->17060 16961->16310 16964 7ff6dcd914a7 16967 7ff6dcd914e0 16964->16967 16968 7ff6dcd92de0 120 API calls 16964->16968 16965 7ff6dcd91487 16966 7ff6dcd91c10 86 API calls 16965->16966 16986 7ff6dcd9149d 16966->16986 16969 7ff6dcd9ec94 73 API calls 16967->16969 16970 7ff6dcd914bf 16968->16970 16971 7ff6dcd914f2 16969->16971 16970->16967 16972 7ff6dcd914c7 16970->16972 16973 7ff6dcd91516 16971->16973 16974 7ff6dcd914f6 16971->16974 16975 7ff6dcd91c50 86 API calls 16972->16975 16977 7ff6dcd91534 16973->16977 16978 7ff6dcd9151c 16973->16978 16976 7ff6dcd91c10 86 API calls 16974->16976 16985 7ff6dcd914d6 __std_exception_destroy 16975->16985 16976->16985 16980 7ff6dcd91556 16977->16980 16991 7ff6dcd91575 16977->16991 17085 7ff6dcd91050 16978->17085 16982 7ff6dcd91c10 86 API calls 16980->16982 16981 7ff6dcd91624 16984 7ff6dcd9e60c 74 API calls 16981->16984 16982->16985 16983 7ff6dcd9e60c 74 API calls 16983->16981 16984->16986 16985->16981 16985->16983 16986->16310 16987 7ff6dcd9e95c _fread_nolock 53 API calls 16987->16991 16988 7ff6dcd915d5 16990 7ff6dcd91c10 86 
API calls 16988->16990 16990->16985 16991->16985 16991->16987 16991->16988 17103 7ff6dcd9f09c 16991->17103 16993 7ff6dcd91dd6 16992->16993 16994 7ff6dcd91b30 49 API calls 16993->16994 16996 7ff6dcd91e0b 16994->16996 16995 7ff6dcd92211 16996->16995 16997 7ff6dcd92c50 49 API calls 16996->16997 16998 7ff6dcd91e7f 16997->16998 17654 7ff6dcd92230 16998->17654 17001 7ff6dcd91ec1 17003 7ff6dcd95880 127 API calls 17001->17003 17002 7ff6dcd91efa 17004 7ff6dcd92230 75 API calls 17002->17004 17005 7ff6dcd91ec9 17003->17005 17006 7ff6dcd91f4c 17004->17006 17007 7ff6dcd91eea 17005->17007 17662 7ff6dcd95760 17005->17662 17008 7ff6dcd91f50 17006->17008 17009 7ff6dcd91fb6 17006->17009 17010 7ff6dcd91c50 86 API calls 17007->17010 17014 7ff6dcd91ef3 17007->17014 17013 7ff6dcd95880 127 API calls 17008->17013 17012 7ff6dcd92230 75 API calls 17009->17012 17010->17014 17015 7ff6dcd91fe2 17012->17015 17016 7ff6dcd91f58 17013->17016 17019 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17014->17019 17017 7ff6dcd92042 17015->17017 17020 7ff6dcd92230 75 API calls 17015->17020 17016->17007 17021 7ff6dcd95760 138 API calls 17016->17021 17017->16995 17018 7ff6dcd95880 127 API calls 17017->17018 17027 7ff6dcd92052 17018->17027 17023 7ff6dcd91fab 17019->17023 17024 7ff6dcd92012 17020->17024 17022 7ff6dcd91f75 17021->17022 17022->17007 17025 7ff6dcd921f6 17022->17025 17023->16310 17024->17017 17026 7ff6dcd92230 75 API calls 17024->17026 17029 7ff6dcd91c50 86 API calls 17025->17029 17026->17017 17027->16995 17028 7ff6dcd91af0 86 API calls 17027->17028 17040 7ff6dcd9216f 17027->17040 17030 7ff6dcd920af 17028->17030 17031 7ff6dcd9216a 17029->17031 17030->16995 17033 7ff6dcd91b30 49 API calls 17030->17033 17032 7ff6dcd91ab0 74 API calls 17031->17032 17032->16995 17035 7ff6dcd921db 17035->17025 17038 7ff6dcd91440 158 API calls 17035->17038 17038->17035 17040->17035 17042 7ff6dcd91780 86 API calls 17040->17042 17042->17040 17048 7ff6dcd917a1 17047->17048 17049 7ff6dcd91795 17047->17049 17048->16310 17050 
7ff6dcd91c50 86 API calls 17049->17050 17050->17048 17052 7ff6dcd958c8 17051->17052 17053 7ff6dcd95892 17051->17053 17052->16960 17107 7ff6dcd916d0 17053->17107 17058 7ff6dcd91c50 86 API calls 17059 7ff6dcd958bd 17058->17059 17059->16960 17061 7ff6dcd95bb0 17060->17061 17062 7ff6dcd91b30 49 API calls 17061->17062 17063 7ff6dcd95be1 17062->17063 17064 7ff6dcd91b30 49 API calls 17063->17064 17078 7ff6dcd95dab 17063->17078 17067 7ff6dcd95c08 17064->17067 17065 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17066 7ff6dcd9147f 17065->17066 17066->16964 17066->16965 17067->17078 17617 7ff6dcda5158 17067->17617 17069 7ff6dcd95c3d 17070 7ff6dcd95d19 17069->17070 17069->17078 17082 7ff6dcda5158 49 API calls 17069->17082 17083 7ff6dcd96db0 88 API calls 17069->17083 17084 7ff6dcd96a60 58 API calls 17069->17084 17071 7ff6dcd96db0 88 API calls 17070->17071 17072 7ff6dcd95d31 17071->17072 17073 7ff6dcd95dda 17072->17073 17077 7ff6dcd95af0 92 API calls 17072->17077 17081 7ff6dcd95d62 __std_exception_destroy 17072->17081 17074 7ff6dcd92de0 120 API calls 17073->17074 17074->17078 17075 7ff6dcd95dce 17080 7ff6dcd91c50 86 API calls 17075->17080 17076 7ff6dcd95d9f 17079 7ff6dcd91c50 86 API calls 17076->17079 17077->17081 17078->17065 17079->17078 17080->17073 17081->17075 17081->17076 17082->17069 17083->17069 17084->17069 17086 7ff6dcd910a6 17085->17086 17087 7ff6dcd910d3 17086->17087 17088 7ff6dcd910ad 17086->17088 17091 7ff6dcd91109 17087->17091 17092 7ff6dcd910ed 17087->17092 17089 7ff6dcd91c50 86 API calls 17088->17089 17090 7ff6dcd910c0 17089->17090 17090->16985 17094 7ff6dcd9111b 17091->17094 17102 7ff6dcd91137 memcpy_s 17091->17102 17093 7ff6dcd91c10 86 API calls 17092->17093 17098 7ff6dcd91104 __std_exception_destroy 17093->17098 17095 7ff6dcd91c10 86 API calls 17094->17095 17095->17098 17096 7ff6dcd9e95c _fread_nolock 53 API calls 17096->17102 17097 7ff6dcd9e6d0 37 API calls 17097->17102 17098->16985 17099 7ff6dcd911fe 17100 7ff6dcd91c50 86 API calls 17099->17100 17100->17098 
17101 7ff6dcd9f09c 76 API calls 17101->17102 17102->17096 17102->17097 17102->17098 17102->17099 17102->17101 17104 7ff6dcd9f0cc 17103->17104 17639 7ff6dcd9edec 17104->17639 17106 7ff6dcd9f0ea 17106->16991 17109 7ff6dcd916f5 17107->17109 17108 7ff6dcd91738 17111 7ff6dcd958e0 17108->17111 17109->17108 17110 7ff6dcd91c50 86 API calls 17109->17110 17110->17108 17112 7ff6dcd958f8 17111->17112 17113 7ff6dcd95918 17112->17113 17114 7ff6dcd9596b 17112->17114 17116 7ff6dcd95af0 92 API calls 17113->17116 17115 7ff6dcd95970 GetTempPathW GetCurrentProcessId 17114->17115 17150 7ff6dcd96610 17115->17150 17118 7ff6dcd95924 17116->17118 17174 7ff6dcd955e0 17118->17174 17123 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17126 7ff6dcd958ad 17123->17126 17126->17052 17126->17058 17127 7ff6dcd9599e __std_exception_destroy 17128 7ff6dcd95a46 17127->17128 17132 7ff6dcd959d1 17127->17132 17154 7ff6dcda74d0 17127->17154 17157 7ff6dcd96a60 17127->17157 17130 7ff6dcd96ec0 88 API calls 17128->17130 17135 7ff6dcd95a57 __std_exception_destroy 17130->17135 17134 7ff6dcd96db0 88 API calls 17132->17134 17149 7ff6dcd95a0a __std_exception_destroy 17132->17149 17136 7ff6dcd959e7 17134->17136 17137 7ff6dcd96db0 88 API calls 17135->17137 17135->17149 17138 7ff6dcd95a29 SetEnvironmentVariableW 17136->17138 17139 7ff6dcd959ec 17136->17139 17138->17149 17149->17123 17151 7ff6dcd96635 17150->17151 17208 7ff6dcda3ed4 17151->17208 17380 7ff6dcda70fc 17154->17380 17158 7ff6dcd9a130 17157->17158 17159 7ff6dcd96a70 GetCurrentProcess OpenProcessToken 17158->17159 17160 7ff6dcd96b31 __std_exception_destroy 17159->17160 17161 7ff6dcd96abb GetTokenInformation 17159->17161 17164 7ff6dcd96b44 CloseHandle 17160->17164 17165 7ff6dcd96b4a 17160->17165 17162 7ff6dcd96ae8 17161->17162 17163 7ff6dcd96add GetLastError 17161->17163 17162->17160 17163->17160 17163->17162 17164->17165 17175 7ff6dcd955ec 17174->17175 17176 7ff6dcd96db0 88 API calls 17175->17176 17177 7ff6dcd9560e 17176->17177 17178 7ff6dcd95616 17177->17178 17179 
7ff6dcd95629 ExpandEnvironmentStringsW 17177->17179 17180 7ff6dcd91c50 86 API calls 17178->17180 17181 7ff6dcd9564f __std_exception_destroy 17179->17181 17186 7ff6dcd95622 17180->17186 17182 7ff6dcd95653 17181->17182 17183 7ff6dcd95666 17181->17183 17184 7ff6dcd91c50 86 API calls 17182->17184 17188 7ff6dcd95680 17183->17188 17189 7ff6dcd95674 17183->17189 17184->17186 17185 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17187 7ff6dcd95748 17185->17187 17186->17185 17187->17149 17198 7ff6dcda6818 17187->17198 17517 7ff6dcda53b8 17188->17517 17510 7ff6dcda60a8 17189->17510 17192 7ff6dcd9567e 17193 7ff6dcd9569a 17192->17193 17196 7ff6dcd956ad memcpy_s 17192->17196 17194 7ff6dcd91c50 86 API calls 17193->17194 17194->17186 17195 7ff6dcd95722 CreateDirectoryW 17195->17186 17196->17195 17197 7ff6dcd956fc CreateDirectoryW 17196->17197 17197->17196 17199 7ff6dcda6825 17198->17199 17200 7ff6dcda6838 17198->17200 17201 7ff6dcda6088 _set_fmode 11 API calls 17199->17201 17609 7ff6dcda649c 17200->17609 17203 7ff6dcda682a 17201->17203 17205 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 17203->17205 17210 7ff6dcda3f2e 17208->17210 17209 7ff6dcda3f53 17211 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17209->17211 17210->17209 17212 7ff6dcda3f8f 17210->17212 17225 7ff6dcda3f7d 17211->17225 17226 7ff6dcda1a44 17212->17226 17215 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17218 7ff6dcd96654 17215->17218 17216 7ff6dcda9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17216->17225 17217 7ff6dcda4070 17217->17216 17218->17127 17219 7ff6dcda4045 17222 7ff6dcda9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17219->17222 17220 7ff6dcda4096 17220->17217 17221 7ff6dcda40a0 17220->17221 17224 7ff6dcda9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17221->17224 17222->17225 17223 7ff6dcda403c 17223->17217 17223->17219 17224->17225 17225->17215 17227 7ff6dcda1a82 17226->17227 17228 7ff6dcda1a72 17226->17228 17229 7ff6dcda1ab9 
17227->17229 17230 7ff6dcda1a8b 17227->17230 17231 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17228->17231 17229->17228 17233 7ff6dcda1ab1 17229->17233 17237 7ff6dcda2a18 17229->17237 17270 7ff6dcda202c 17229->17270 17307 7ff6dcda129c 17229->17307 17232 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17230->17232 17231->17233 17232->17233 17233->17217 17233->17219 17233->17220 17233->17223 17238 7ff6dcda2acb 17237->17238 17239 7ff6dcda2a5a 17237->17239 17240 7ff6dcda2ad0 17238->17240 17241 7ff6dcda2b24 17238->17241 17242 7ff6dcda2a60 17239->17242 17243 7ff6dcda2af5 17239->17243 17244 7ff6dcda2ad2 17240->17244 17245 7ff6dcda2b05 17240->17245 17249 7ff6dcda2b2e 17241->17249 17250 7ff6dcda2b3b 17241->17250 17255 7ff6dcda2b33 17241->17255 17246 7ff6dcda2a65 17242->17246 17247 7ff6dcda2a94 17242->17247 17326 7ff6dcda0354 17243->17326 17248 7ff6dcda2a74 17244->17248 17258 7ff6dcda2ae1 17244->17258 17333 7ff6dcd9ff44 17245->17333 17246->17250 17252 7ff6dcda2a6b 17246->17252 17247->17252 17247->17255 17268 7ff6dcda2b64 17248->17268 17310 7ff6dcda31cc 17248->17310 17249->17243 17249->17255 17340 7ff6dcda3720 17250->17340 17252->17248 17257 7ff6dcda2aa6 17252->17257 17265 7ff6dcda2a8f 17252->17265 17255->17268 17344 7ff6dcda0764 17255->17344 17257->17268 17320 7ff6dcda3508 17257->17320 17258->17243 17260 7ff6dcda2ae6 17258->17260 17264 7ff6dcda35cc 37 API calls 17260->17264 17260->17268 17262 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17263 7ff6dcda2e5e 17262->17263 17263->17229 17264->17265 17265->17268 17268->17262 17271 7ff6dcda2050 17270->17271 17272 7ff6dcda203a 17270->17272 17273 7ff6dcda2090 17271->17273 17276 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17271->17276 17272->17273 17274 7ff6dcda2acb 17272->17274 17275 7ff6dcda2a5a 17272->17275 17273->17229 17277 7ff6dcda2ad0 17274->17277 17278 7ff6dcda2b24 17274->17278 17279 7ff6dcda2a60 17275->17279 17280 7ff6dcda2af5 17275->17280 17276->17273 17281 7ff6dcda2ad2 17277->17281 17282 7ff6dcda2b05 
17277->17282 17286 7ff6dcda2b2e 17278->17286 17287 7ff6dcda2b3b 17278->17287 17292 7ff6dcda2b33 17278->17292 17283 7ff6dcda2a65 17279->17283 17284 7ff6dcda2a94 17279->17284 17288 7ff6dcda0354 38 API calls 17280->17288 17285 7ff6dcda2a74 17281->17285 17296 7ff6dcda2ae1 17281->17296 17290 7ff6dcd9ff44 38 API calls 17282->17290 17283->17287 17289 7ff6dcda2a6b 17283->17289 17284->17289 17284->17292 17291 7ff6dcda31cc 47 API calls 17285->17291 17306 7ff6dcda2b64 17285->17306 17286->17280 17286->17292 17293 7ff6dcda3720 45 API calls 17287->17293 17304 7ff6dcda2a8f 17288->17304 17289->17285 17294 7ff6dcda2aa6 17289->17294 17289->17304 17290->17304 17291->17304 17295 7ff6dcda0764 38 API calls 17292->17295 17292->17306 17293->17304 17294->17306 17295->17304 17296->17280 17298 7ff6dcda2ae6 17296->17298 17298->17306 17299 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17302 7ff6dcda2d50 17302->17306 17303 7ff6dcda3830 45 API calls 17303->17302 17304->17302 17304->17303 17304->17306 17306->17299 17363 7ff6dcd9f5c8 17307->17363 17311 7ff6dcda31f2 17310->17311 17327 7ff6dcda0387 17326->17327 17328 7ff6dcda03b6 17327->17328 17330 7ff6dcda0473 17327->17330 17329 7ff6dcd9f228 12 API calls 17328->17329 17332 7ff6dcda03f3 17328->17332 17329->17332 17331 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17330->17331 17331->17332 17332->17265 17334 7ff6dcd9ff77 17333->17334 17335 7ff6dcd9ffa6 17334->17335 17337 7ff6dcda0063 17334->17337 17341 7ff6dcda3763 17340->17341 17342 7ff6dcda37bc 45 API calls 17341->17342 17343 7ff6dcda3767 __crtLCMapStringW 17341->17343 17342->17343 17343->17265 17345 7ff6dcda0797 17344->17345 17346 7ff6dcda07c6 17345->17346 17348 7ff6dcda0883 17345->17348 17364 7ff6dcd9f60f 17363->17364 17365 7ff6dcd9f5fd 17363->17365 17367 7ff6dcd9f61d 17364->17367 17374 7ff6dcd9f659 17364->17374 17366 7ff6dcda6088 _set_fmode 11 API calls 17365->17366 17368 7ff6dcd9f602 17366->17368 17369 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17367->17369 17370 7ff6dcda9f10 
_invalid_parameter_noinfo 37 API calls 17368->17370 17377 7ff6dcd9f60d 17369->17377 17370->17377 17371 7ff6dcda6088 _set_fmode 11 API calls 17375 7ff6dcd9fc69 17371->17375 17372 7ff6dcda6088 _set_fmode 11 API calls 17373 7ff6dcd9f9ca 17372->17373 17376 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 17373->17376 17374->17372 17379 7ff6dcd9f9d5 17374->17379 17376->17379 17377->17229 17379->17371 17379->17377 17421 7ff6dcdb0718 17380->17421 17480 7ff6dcdb0490 17421->17480 17501 7ff6dcdaf808 EnterCriticalSection 17480->17501 17511 7ff6dcda60c6 17510->17511 17514 7ff6dcda60f9 17510->17514 17512 7ff6dcdaf9a4 _wfindfirst32i64 37 API calls 17511->17512 17511->17514 17513 7ff6dcda60f5 17512->17513 17513->17514 17515 7ff6dcda9f30 _wfindfirst32i64 17 API calls 17513->17515 17514->17192 17516 7ff6dcda6129 17515->17516 17518 7ff6dcda5442 17517->17518 17519 7ff6dcda53d4 17517->17519 17554 7ff6dcdaf110 17518->17554 17519->17518 17520 7ff6dcda53d9 17519->17520 17522 7ff6dcda540e 17520->17522 17523 7ff6dcda53f1 17520->17523 17537 7ff6dcda51fc GetFullPathNameW 17522->17537 17529 7ff6dcda5188 GetFullPathNameW 17523->17529 17538 7ff6dcda522f GetLastError 17537->17538 17543 7ff6dcda5245 __std_exception_destroy 17537->17543 17557 7ff6dcdaef20 17554->17557 17558 7ff6dcdaef62 17557->17558 17559 7ff6dcdaef4b 17557->17559 17561 7ff6dcdaef66 17558->17561 17562 7ff6dcdaef87 17558->17562 17560 7ff6dcda6088 _set_fmode 11 API calls 17559->17560 17616 7ff6dcdaf808 EnterCriticalSection 17609->17616 17618 7ff6dcdaa780 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17617->17618 17619 7ff6dcda516d 17618->17619 17620 7ff6dcdaef17 17619->17620 17623 7ff6dcdaee36 17619->17623 17626 7ff6dcd9a294 17620->17626 17624 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17623->17624 17625 7ff6dcdaef0f 17624->17625 17625->17069 17629 7ff6dcd9a2a8 IsProcessorFeaturePresent 17626->17629 17630 7ff6dcd9a2bf 17629->17630 17635 7ff6dcd9a344 RtlCaptureContext RtlLookupFunctionEntry 17630->17635 17636 7ff6dcd9a374 
RtlVirtualUnwind 17635->17636 17637 7ff6dcd9a2d3 17635->17637 17636->17637 17638 7ff6dcd9a180 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17637->17638 17640 7ff6dcd9ee39 17639->17640 17641 7ff6dcd9ee0c 17639->17641 17640->17106 17641->17640 17642 7ff6dcd9ee41 17641->17642 17643 7ff6dcd9ee16 17641->17643 17646 7ff6dcd9ed2c 17642->17646 17644 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 17643->17644 17644->17640 17653 7ff6dcda438c EnterCriticalSection 17646->17653 17655 7ff6dcd92264 17654->17655 17656 7ff6dcda3c80 49 API calls 17655->17656 17657 7ff6dcd9228a 17656->17657 17658 7ff6dcd9229b 17657->17658 17686 7ff6dcda4e70 17657->17686 17660 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17658->17660 17661 7ff6dcd91ebd 17660->17661 17661->17001 17661->17002 17663 7ff6dcd9576e 17662->17663 17664 7ff6dcd92de0 120 API calls 17663->17664 17665 7ff6dcd95795 17664->17665 17666 7ff6dcd95ba0 138 API calls 17665->17666 17667 7ff6dcd957a3 17666->17667 17668 7ff6dcd95853 17667->17668 17670 7ff6dcd957bd 17667->17670 17669 7ff6dcd9584f 17668->17669 17671 7ff6dcd9e60c 74 API calls 17668->17671 17673 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17669->17673 17816 7ff6dcd9e6a4 17670->17816 17671->17669 17687 7ff6dcda4e99 17686->17687 17688 7ff6dcda4e8d 17686->17688 17690 7ff6dcda4a84 45 API calls 17687->17690 17703 7ff6dcda46e8 17688->17703 17691 7ff6dcda4ec1 17690->17691 17692 7ff6dcdae144 5 API calls 17691->17692 17697 7ff6dcda4ed1 17691->17697 17692->17697 17693 7ff6dcda456c 14 API calls 17694 7ff6dcda4f29 17693->17694 17695 7ff6dcda4f41 17694->17695 17696 7ff6dcda4f2d 17694->17696 17699 7ff6dcda46e8 69 API calls 17695->17699 17698 7ff6dcda4e92 17696->17698 17700 7ff6dcda9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17696->17700 17697->17693 17698->17658 17701 7ff6dcda4f4d 17699->17701 17700->17698 17701->17698 17702 7ff6dcda9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17701->17702 17702->17698 
17704 7ff6dcda471f 17703->17704 17705 7ff6dcda4702 17703->17705 17704->17705 17706 7ff6dcda4732 CreateFileW 17704->17706 17707 7ff6dcda6068 _fread_nolock 11 API calls 17705->17707 17709 7ff6dcda4766 17706->17709 17710 7ff6dcda479c 17706->17710 17708 7ff6dcda4707 17707->17708 17711 7ff6dcda6088 _set_fmode 11 API calls 17708->17711 17728 7ff6dcda483c GetFileType 17709->17728 17754 7ff6dcda4d60 17710->17754 17714 7ff6dcda470f 17711->17714 17717 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 17714->17717 17724 7ff6dcda471a 17717->17724 17718 7ff6dcda4791 CloseHandle 17718->17724 17719 7ff6dcda477b CloseHandle 17719->17724 17720 7ff6dcda47d0 17775 7ff6dcda4b20 17720->17775 17721 7ff6dcda47a5 17722 7ff6dcda5ffc _fread_nolock 11 API calls 17721->17722 17725 7ff6dcda47af 17722->17725 17724->17698 17725->17724 17729 7ff6dcda4947 17728->17729 17730 7ff6dcda488a 17728->17730 17731 7ff6dcda494f 17729->17731 17732 7ff6dcda4971 17729->17732 17733 7ff6dcda48b6 GetFileInformationByHandle 17730->17733 17734 7ff6dcda4c5c 21 API calls 17730->17734 17735 7ff6dcda4953 17731->17735 17736 7ff6dcda4962 GetLastError 17731->17736 17738 7ff6dcda4994 PeekNamedPipe 17732->17738 17753 7ff6dcda4932 17732->17753 17733->17736 17737 7ff6dcda48df 17733->17737 17743 7ff6dcda48a4 17734->17743 17739 7ff6dcda6088 _set_fmode 11 API calls 17735->17739 17741 7ff6dcda5ffc _fread_nolock 11 API calls 17736->17741 17740 7ff6dcda4b20 51 API calls 17737->17740 17738->17753 17739->17753 17744 7ff6dcda48ea 17740->17744 17741->17753 17742 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17745 7ff6dcda4774 17742->17745 17743->17733 17743->17753 17792 7ff6dcda49e4 17744->17792 17745->17718 17745->17719 17753->17742 17755 7ff6dcda4d96 17754->17755 17756 7ff6dcda4e2e __std_exception_destroy 17755->17756 17757 7ff6dcda6088 _set_fmode 11 API calls 17755->17757 17758 7ff6dcd9a100 _wfindfirst32i64 8 API calls 17756->17758 17759 7ff6dcda4da8 17757->17759 17760 7ff6dcda47a1 17758->17760 17761 7ff6dcda6088 _set_fmode 11 API 
calls 17759->17761 17760->17720 17760->17721 17762 7ff6dcda4db0 17761->17762 17763 7ff6dcda53b8 45 API calls 17762->17763 17764 7ff6dcda4dc5 17763->17764 17765 7ff6dcda4dd7 17764->17765 17766 7ff6dcda4dcd 17764->17766 17776 7ff6dcda4b48 17775->17776 17784 7ff6dcda47dd 17776->17784 17793 7ff6dcda4a00 17792->17793 17794 7ff6dcda4a0d FileTimeToSystemTime 17792->17794 17793->17794 17796 7ff6dcda4a08 17793->17796 17795 7ff6dcda4a21 SystemTimeToTzSpecificLocalTime 17794->17795 17794->17796 17795->17796 17817 7ff6dcd9e6bd 17816->17817 17818 7ff6dcd9e6ad 17816->17818 17843 7ff6dcd961da 17842->17843 17844 7ff6dcda92ed 17842->17844 17848 7ff6dcda705c 17843->17848 17845 7ff6dcda6088 _set_fmode 11 API calls 17844->17845 17846 7ff6dcda92f2 17845->17846 17847 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 17846->17847 17847->17843 17849 7ff6dcda7065 17848->17849 17850 7ff6dcda707a 17848->17850 17851 7ff6dcda6068 _fread_nolock 11 API calls 17849->17851 17853 7ff6dcda6068 _fread_nolock 11 API calls 17850->17853 17856 7ff6dcda7072 17850->17856 17852 7ff6dcda706a 17851->17852 17854 7ff6dcda6088 _set_fmode 11 API calls 17852->17854 17855 7ff6dcda70b5 17853->17855 17854->17856 17857 7ff6dcda6088 _set_fmode 11 API calls 17855->17857 17856->16326 17900 7ff6dcda546c 17898->17900 17899 7ff6dcda5492 17901 7ff6dcda6088 _set_fmode 11 API calls 17899->17901 17900->17899 17902 7ff6dcda54c5 17900->17902 17903 7ff6dcda5497 17901->17903 17905 7ff6dcda54d8 17902->17905 17906 7ff6dcda54cb 17902->17906 17904 7ff6dcda9f10 _invalid_parameter_noinfo 37 API calls 17903->17904 17907 7ff6dcd92e39 17904->17907 17917 7ff6dcdaa258 17905->17917 17908 7ff6dcda6088 _set_fmode 11 API calls 17906->17908 17907->16379 17908->17907 17930 7ff6dcdaf808 EnterCriticalSection 17917->17930 18278 7ff6dcda7acc 18277->18278 18281 7ff6dcda75a8 18278->18281 18280 7ff6dcda7ae5 18280->16389 18282 7ff6dcda75c3 18281->18282 18283 7ff6dcda75f2 18281->18283 18284 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 18282->18284 
18291 7ff6dcda438c EnterCriticalSection 18283->18291 18286 7ff6dcda75e3 18284->18286 18286->18280 18293 7ff6dcd9e431 18292->18293 18294 7ff6dcd9e403 18292->18294 18295 7ff6dcd9e423 18293->18295 18302 7ff6dcda438c EnterCriticalSection 18293->18302 18296 7ff6dcda9e44 _invalid_parameter_noinfo 37 API calls 18294->18296 18295->16393 18296->18295 18304 7ff6dcd912c6 18303->18304 18305 7ff6dcd912f8 18303->18305 18306 7ff6dcd92de0 120 API calls 18304->18306 18307 7ff6dcd9ec94 73 API calls 18305->18307 18308 7ff6dcd912d6 18306->18308 18309 7ff6dcd9130a 18307->18309 18308->18305 18310 7ff6dcd912de 18308->18310 18311 7ff6dcd9130e 18309->18311 18312 7ff6dcd9132f 18309->18312 18313 7ff6dcd91c50 86 API calls 18310->18313 18314 7ff6dcd91c10 86 API calls 18311->18314 18317 7ff6dcd91364 18312->18317 18318 7ff6dcd91344 18312->18318 18315 7ff6dcd912ee 18313->18315 18316 7ff6dcd91325 18314->18316 18315->16404 18316->16404 18320 7ff6dcd9137e 18317->18320 18325 7ff6dcd91395 18317->18325 18319 7ff6dcd91c10 86 API calls 18318->18319 18326 7ff6dcd9135f __std_exception_destroy 18319->18326 18321 7ff6dcd91050 94 API calls 18320->18321 18321->18326 18322 7ff6dcd91421 18322->16404 18323 7ff6dcd9e95c _fread_nolock 53 API calls 18323->18325 18324 7ff6dcd9e60c 74 API calls 18324->18322 18325->18323 18325->18326 18327 7ff6dcd913de 18325->18327 18326->18322 18326->18324 18328 7ff6dcd91c10 86 API calls 18327->18328 18328->18326 18330 7ff6dcd91b30 49 API calls 18329->18330 18331 7ff6dcd92e90 18330->18331 18331->16407 18333 7ff6dcd916aa 18332->18333 18334 7ff6dcd91666 18332->18334 18333->16422 18334->18333 18335 7ff6dcd91c50 86 API calls 18334->18335 18336 7ff6dcd916be 18335->18336 18336->16422 18338 7ff6dcd96db0 88 API calls 18337->18338 18339 7ff6dcd96327 LoadLibraryExW 18338->18339 18340 7ff6dcd96344 __std_exception_destroy 18339->18340 18340->16430 18342 7ff6dcd93ad0 18341->18342 18343 7ff6dcd91b30 49 API calls 18342->18343 18344 7ff6dcd93b02 18343->18344 18345 7ff6dcd93b2b 18344->18345 18346 

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB4EE5
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDB4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDB484C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F8E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: GetLastError.KERNEL32(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F98
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6DCDA9F0F,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDA9F39
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6DCDA9F0F,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDA9F5E
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB4ED4
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDB4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDB48AC
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB514A
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB515B
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB516C
                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6DCDB53AC), ref: 00007FF6DCDB5193
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                        • Opcode ID: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
                                                                                                                                                                                                                                        • Instruction ID: 59951e88c6eee74e0eb45011628f597bb6d6249d053e4119aa65e5f7e3a3f24b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86D18D26F1824A86EB20EF259C505BD66A2FF98784F454237EA0DC7695EF3CE462C740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,00000000,?,00007FF6DCD958AD), ref: 00007FF6DCD9597A
                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00007FF6DCD958AD), ref: 00007FF6DCD95980
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: GetEnvironmentVariableW.KERNEL32(00007FF6DCD92817,?,?,?,?,?,?), ref: 00007FF6DCD95B2A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD95B47
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA6818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDA6831
                                                                                                                                                                                                                                        • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6DCD95A31
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                        • API String ID: 1556224225-1116378104
                                                                                                                                                                                                                                        • Opcode ID: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                                                                                                                                                                                        • Instruction ID: 3315bf6227e4985df3524eaee9ec0175bfa3dec5e1dd2b2ea66a2af0a155a8b3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43519118B0D64B40FE94A762ADA55BD9291AF99BD0F845233EC0EC7796ED2CF423C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                        • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                                        • Instruction ID: 6a9f150d9c77d74e3eb90158f47f952d40f7f92cddb69d4f59259a4e44de5d8a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98C1D436B28A4985EB10CFA5C8906AC3772F799B98F110336DE1E97795DF38D466C300

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB514A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDB4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDB48AC
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB515B
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDB4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDB484C
                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6DCDB516C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDB4868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDB487C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F8E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: GetLastError.KERNEL32(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F98
                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6DCDB53AC), ref: 00007FF6DCDB5193
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2295610775-0
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1010374628-0

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 3405171723-4158440160

                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                        • API String ID: 0-666925554
                                                                                                                                                                                                                                        • Opcode ID: 6a700ff59d1eae3cd4f1897966358a388e1f51ee3372cc3160cad33ce14096f4
                                                                                                                                                                                                                                        • Instruction ID: 285b0601688a3068337e03c3da12fbbc8b19ae73c9baeffcdecbec682b684a2d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a700ff59d1eae3cd4f1897966358a388e1f51ee3372cc3160cad33ce14096f4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74519A69B0CA4A81EA109B21AC246BD63A1AF49BD4F544733DE1D87A95EE3CE567C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                        • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                        • Opcode ID: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                                                                                                                                                                                        • Instruction ID: 9815c01fff08c09dc575f8999a900fd78ac68dd47b942b1a3c9fbea885d45496
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA41713271CA8A82EB509F60EC556AE7361FB85794F500332EA5E876D9DF3CE45AC700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                        • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                        • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                        • Opcode ID: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                                                                                                                                        • Instruction ID: 5573ffa8e0d954b8831b086bd1ad64191d7f1d27b7200affa7e415c57d4a8209
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50413232B0878685DA209B64F8552AEB3A1FBD5360F500736E6AD83BD9DF7CD056CB00

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD92CD0: GetModuleFileNameW.KERNEL32(?,00007FF6DCD927C9,?,?,?,?,?,?), ref: 00007FF6DCD92D01
                                                                                                                                                                                                                                        • SetDllDirectoryW.KERNEL32 ref: 00007FF6DCD929D5
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: GetEnvironmentVariableW.KERNEL32(00007FF6DCD92817,?,?,?,?,?,?), ref: 00007FF6DCD95B2A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD95B47
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                        • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                        • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                                        • Opcode ID: cda1d3e5af6f259c5f9a2f0a335d6599039ecfe805480d258e6d0267492e8153
                                                                                                                                                                                                                                        • Instruction ID: 98d5e7d401754daff819410f59658d840ac039d567c9ef9137ffa791faed1c8a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cda1d3e5af6f259c5f9a2f0a335d6599039ecfe805480d258e6d0267492e8153
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3FC1952AB1D68B55FA25AB219C702FD6391BF44784F404233EA4DC769AEF2CE527C740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                        • API String ID: 0-1655038675
                                                                                                                                                                                                                                        • Opcode ID: af04965e2dbcd0d8e1621cd66b39530d0b4f4ad9fcd8e07e4d45104bc70e5302
                                                                                                                                                                                                                                        • Instruction ID: 618e29be03fa10d9aa74cd99ccf574d5769b4d6e49720c729a84f48a335707c0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af04965e2dbcd0d8e1621cd66b39530d0b4f4ad9fcd8e07e4d45104bc70e5302
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0551C226B0C68A85EA60AB51AC603BE62A1FB89794F444333DD4DC7785EE3CE567C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF6DCDAE2CA,?,?,-00000018,00007FF6DCDAA383,?,?,?,00007FF6DCDAA27A,?,?,?,00007FF6DCDA54E2), ref: 00007FF6DCDAE0AC
                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000,?,00007FF6DCDAE2CA,?,?,-00000018,00007FF6DCDAA383,?,?,?,00007FF6DCDAA27A,?,?,?,00007FF6DCDA54E2), ref: 00007FF6DCDAE0B8
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                        • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                                                                                                                                        • Instruction ID: 06d38a917f9b9968fa749bbc0ffef4d6e297cd358294ad048a9872febc215bca
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4741C321B19A1A49FA158B17AC0097D2391BF98B90F484336DD1DC7788EF3CE467C248

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                                                                                                                                                                                        • Instruction ID: 35429a853d7fd845f572f59b1eabc97a7ea8b901414c0c6c683f57eb138cecba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73C1D432B0C68AA5E7208B559840ABE3761EBE1B80F554337DA4DC3791CE7DE867C720

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6DCDAC57B), ref: 00007FF6DCDAC6AC
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6DCDAC57B), ref: 00007FF6DCDAC737
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                        • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                                        • Instruction ID: 33fc9d9aba2d5ca529846864229ffa71a0a164fb5ea9c088f16cc00a6b96e1db
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7491B532F1865985FB549F69884067D2BA0BBE4B98F144236DE0ED7A94DF39D453C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4170891091-0

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3058843127-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileHandleType
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3000768030-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6DCDAB750,00000000,?,?,?,00007FF6DCD91023,00007FF6DCDAB859), ref: 00007FF6DCDAB7B0
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00007FF6DCDAB750,00000000,?,?,?,00007FF6DCD91023,00007FF6DCDAB859), ref: 00007FF6DCDAB7BA
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCDA48F9), ref: 00007FF6DCDA4A17
                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCDA48F9), ref: 00007FF6DCDA4A2D
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCDA6965), ref: 00007FF6DCDA6B0B
                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCDA6965), ref: 00007FF6DCDA6B21
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F8E
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F98
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2018770650-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 377330604-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF6DCDAA005,?,?,00000000,00007FF6DCDAA0BA), ref: 00007FF6DCDAA1F6
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCDAA005,?,?,00000000,00007FF6DCDAA0BA), ref: 00007FF6DCDAA200
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2772937645-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: DirectoryErrorLastRemove
• String ID:
• API String ID: 377330604-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF6DCDAAA16,?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E), ref: 00007FF6DCDADF0D
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF6DCD9F1E4,?,?,?,00007FF6DCDA06F6,?,?,?,?,?,00007FF6DCDA275D), ref: 00007FF6DCDACC6A
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD92F36
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD92F75
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD92F9A
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD92FBF
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD92FE7
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD9300F
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD93037
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD9305F
• GetProcAddress.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD93087
Strings
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: AddressProc
                                                                                                                                                                                                                                        • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for 
Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
• API String ID: 190572456-3109299426
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                        • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                        • Opcode ID: 94a7ddbc9dfde8fb095d9bbce1265888f255539b2e0e0fd568165e141f3b5970
                                                                                                                                                                                                                                        • Instruction ID: 00249347cfb7291a2a2b01e228034088a153b613ee5e99a44e791dea29c70f77
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94a7ddbc9dfde8fb095d9bbce1265888f255539b2e0e0fd568165e141f3b5970
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07B2D372B1828A8BE724CE65D840BFD77B2FB54784F505236DA0D97A84DF38E912DB40
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(WideCharToMultiByte,00007FF6DCD91CE4,?,?,00000000,00007FF6DCD96904), ref: 00007FF6DCD96697
                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32 ref: 00007FF6DCD966C6
                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32 ref: 00007FF6DCD9671C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD91CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6DCD96904,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD91CD7
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                        • API String ID: 2383786077-2573406579
                                                                                                                                                                                                                                        • Opcode ID: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                                                                                                                                        • Instruction ID: a262a97cab8e561bfd14fd532d9978910be5cd48ae38d6c6eaa8f3f405be892c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45214175B1CA4A81EB609B55EC5426D6376FB98384F840237D54DC26A8EF3CE16BC700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                                        • Opcode ID: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                                                                                                                                                                                        • Instruction ID: 50cd9fd572e10ad33d9a0c90ecbc869726d9764d52b72a0b2ec85a4ce3f7593d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20316A76708A859AEB608F60E8903ED73B5FB84748F54413BDA4E87A98DF38C659C710
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                        • Opcode ID: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                                                                                                                                                                                        • Instruction ID: 51662f5b7963ee1dce2b95f7fa74a3551693b832dc6a1173c138ec02001dbb3a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D315E36718F8596DB608F25E8406AE73A4FB88794F500236EA9D83B58DF38C166CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                                        • Opcode ID: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                                                                                                                                                                                        • Instruction ID: 52945c5237517f822f5d53255dc09f91f8fa71ba95f96c7ae0731abff818416e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB1A6A2B1869A41EA619B259C005BD63B2EB54BD4F545333EA5E87BC5DF3CF453C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 2033a98ce9b9ae1b6fcbd26cbe8033cb2e42881aa268c02d842b0e820a1bc4f5
                                                                                                                                                                                                                                        • Instruction ID: ca5558e7539339952ffa892d29cf2a0f499bcb0f08ff046b720d0d9a5537817d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2033a98ce9b9ae1b6fcbd26cbe8033cb2e42881aa268c02d842b0e820a1bc4f5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9961FA22F1839645FB658A288CD063D65A2AF60770F58033BD65ED76C5FE6DF862C700
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                                                                                                                                        • Instruction ID: c0d8b93348406fce361f7194a37f518444cc18c55bf74b9d722809ddd31ce7be
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06519836B1965585E7248B29C440A3C77A0EBA4B58F244232CE4ED7795CF3AFC63C784
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                                                                                                                                        • Instruction ID: b6eda0efdf2ce4d034d4c1e741d69cb88c1b094229651db832a7912a964b5b81
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65518336B18A5986E7248F29C45063C37A1EB95B58F244233DE4ED7794CF3AE863C740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 4e0632a4a7e014686f42235b66fbebb9a54d6c0d44d943c89546efb0de6bc1d6
                                                                                                                                                                                                                                        • Instruction ID: f7df65d7d28bff96da9a008538e9837062f75d9a87cd4f9609ea76742f986b25
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e0632a4a7e014686f42235b66fbebb9a54d6c0d44d943c89546efb0de6bc1d6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2519536B1865986E7248B29C44063C37A0FBA5B68F244236CE4ED7795CF7AF863C740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: bbc3e59ea296ef31dc5cb467e3ef236485a99d13d7a42ba6bd49c72ea64a61b5
                                                                                                                                                                                                                                        • Instruction ID: cc7157523e6592b6080fd0d37ed8c9cf4342b630d96e79c331935d65c1bb98ba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbc3e59ea296ef31dc5cb467e3ef236485a99d13d7a42ba6bd49c72ea64a61b5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C518936B1465986E7648B19C45063D27A0EBD9B58F284232CE4ED77A5CF3AF863C740
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                        • Opcode ID: 1122cbedd3da6cae4974dcedcaf2c480ad91f4dcca857e3bd784bf5366bd6c74
                                                                                                                                                                                                                                        • Instruction ID: ec70cb3bdb000e8e5d3bae45f3a98b02720a01cb8958b63aa8da3a5b606fdad6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1122cbedd3da6cae4974dcedcaf2c480ad91f4dcca857e3bd784bf5366bd6c74
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F51843BB1865985E7648F29C45037C37A0EB45B58F244232EE4D977A5CF3AE863C780
Memory Dump Source
• Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                        • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                                        • Opcode ID: 387b05963c1573a630a89e02a7d3e5c8a0eed87054fdcdadb8995d5c72bb8a89
                                                                                                                                                                                                                                        • Instruction ID: 4a6f9a74e6148a37c9f118831dd3059f0462bfd47b7c71c7bbd0b34fcbec960f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 387b05963c1573a630a89e02a7d3e5c8a0eed87054fdcdadb8995d5c72bb8a89
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92E1C768B0DB0B90EE559B19AC6017C23B2BF84780BA45337D84E86264FF7CE57AD311
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32 ref: 00007FF6DCD96C2C
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD91CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6DCD96904,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD91CD7
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                                                                                                                                        • API String ID: 203985260-1562484376
                                                                                                                                                                                                                                        • Opcode ID: 3649c6f93bb09270b823ff22ec7b0eec6d42e79460650eefbf3c7b929506c9f8
                                                                                                                                                                                                                                        • Instruction ID: 4268ad2b3dd8a94214b8906cfe0f7f06dc5898c362a1d7da5330633dcc458233
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3649c6f93bb09270b823ff22ec7b0eec6d42e79460650eefbf3c7b929506c9f8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0418425B0CA4A81EA60DB51AC6117E66A2FF94BD0F544737E95DC7AA5EF3CE123C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                        • Opcode ID: 5b8d5396a44c552a0cc4e48ad8092be8cf806d396b8c8f6251230df5f0eb9214
                                                                                                                                                                                                                                        • Instruction ID: 0dd1a3be861cdb342ac9271eb922f698d7fa1ab70259908bf729b52a0901386b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b8d5396a44c552a0cc4e48ad8092be8cf806d396b8c8f6251230df5f0eb9214
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C612812AF0C24B96FB206F14D8647BE7651EB80754F944237F699866C4DF7CE5A2CB00
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                        • API String ID: 0-3659356012
                                                                                                                                                                                                                                        • Opcode ID: 66106678d73968f8f9bf7a6153e1cbcb228120b56c71b69a984f9e797006a6c3
                                                                                                                                                                                                                                        • Instruction ID: 84e3ef44cd931de6c2ee74e7be59074af3b249059ac95e991ee9b77e548dd079
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 66106678d73968f8f9bf7a6153e1cbcb228120b56c71b69a984f9e797006a6c3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF416D65B08A4B81EA24EB11EC606BEA3B1EB487D0F544633DE4D87B55EE3CE563C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                                        • Opcode ID: c9717f7599358984fa081211ebe6d8e8a7f2fe77f13a54a703b9fcdffbee59eb
                                                                                                                                                                                                                                        • Instruction ID: fb6da5f67650eac0fdacfc485255523653360feb2860476d1c1898e367f745af
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9717f7599358984fa081211ebe6d8e8a7f2fe77f13a54a703b9fcdffbee59eb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74E19236B087498AEB209F65D8503AD77A0FB85798F104237EE4D97B95CF38E4A2C701
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD9685F
                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD968AF
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                        • API String ID: 626452242-27947307
                                                                                                                                                                                                                                        • Opcode ID: 8d77172852237fffccb974c6d54fb7d37946d1ed41806d5f964de7f541550d5e
                                                                                                                                                                                                                                        • Instruction ID: 29ad831dbce589e76fc1cfdfdd2bcaecc1337b2f5dac39c8e6ac00af0058da20
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d77172852237fffccb974c6d54fb7d37946d1ed41806d5f964de7f541550d5e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55419F36B08B8686EA60DF51BC5016EA7B5FB84B90F544236DA8D83B94DF3CE467C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00007FF6DCD92D35,?,?,?,?,?,?), ref: 00007FF6DCD96F01
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD91CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6DCD96904,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD91CD7
                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00007FF6DCD92D35,?,?,?,?,?,?), ref: 00007FF6DCD96F75
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                        • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                        • API String ID: 1717984340-27947307
                                                                                                                                                                                                                                        • Opcode ID: d869b65ad41923ea885775a182ffbbb4fa8a6a55f9429b012359a23964d7bd56
                                                                                                                                                                                                                                        • Instruction ID: 1c977fa5e9fcadb650ba4a891a5203189f180811a9ed1d46e98b9a460bfab2d7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d869b65ad41923ea885775a182ffbbb4fa8a6a55f9429b012359a23964d7bd56
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31215E25B18B4A85EB509F56AC5007DB7A2BB84B90F544737DA4EC37A4EF3CE526C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: f$p$p
                                                                                                                                                                                                                                        • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                        • Opcode ID: d478605e8072a694eb9a9d804e4987f1596106984b5661be3eee2fb972e34d58
                                                                                                                                                                                                                                        • Instruction ID: ce81f85299b0a5477b5b2d11d2085aafa2dff90bb368ef3ad952690a777490e0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d478605e8072a694eb9a9d804e4987f1596106984b5661be3eee2fb972e34d58
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8512B122F0C14B86FB24AE15A854ABD7691EBE0750F984237E689C76C4DF3CE5A3C714
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                        • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                        • API String ID: 626452242-876015163
                                                                                                                                                                                                                                        • Opcode ID: 9e091cbaac830d0070f3842cc1d5ec76c8d2d2f90cb19691d00490de1532936c
                                                                                                                                                                                                                                        • Instruction ID: 9b61b2d38f22a4136f06e3843617a6a062c031c0993fd7b6996d7f0cb97ea1d9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e091cbaac830d0070f3842cc1d5ec76c8d2d2f90cb19691d00490de1532936c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53418236B08B4682E610DF15AC5017D66B5FB84B90F554236EE8D87BA4DF3CE463C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD96DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD96DEA
                                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6DCD9592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6DCD9563F
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6DCD95653
                                                                                                                                                                                                                                        • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6DCD9569A
                                                                                                                                                                                                                                        • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6DCD95616
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                                        • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                        • API String ID: 2001182103-3498232454
                                                                                                                                                                                                                                        • Opcode ID: aa564683267f47d688a8517bb88a9b0a9054f6e1f4b3a9048b672f302df95511
                                                                                                                                                                                                                                        • Instruction ID: 6f8dc03e10eb2705a9597356102e28b175d812b42567860c2d7104b266d1b878
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa564683267f47d688a8517bb88a9b0a9054f6e1f4b3a9048b672f302df95511
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A631B855B1D78A90FA24E721ED612BE5261AF987C0F840737DA0ED2796FE3CE126C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6DCD9C4FA,?,?,?,00007FF6DCD9C1EC,?,?,00000001,00007FF6DCD9BE09), ref: 00007FF6DCD9C2CD
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCD9C4FA,?,?,?,00007FF6DCD9C1EC,?,?,00000001,00007FF6DCD9BE09), ref: 00007FF6DCD9C2DB
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6DCD9C4FA,?,?,?,00007FF6DCD9C1EC,?,?,00000001,00007FF6DCD9BE09), ref: 00007FF6DCD9C305
                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF6DCD9C4FA,?,?,?,00007FF6DCD9C1EC,?,?,00000001,00007FF6DCD9BE09), ref: 00007FF6DCD9C34B
                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6DCD9C4FA,?,?,?,00007FF6DCD9C1EC,?,?,00000001,00007FF6DCD9BE09), ref: 00007FF6DCD9C357
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                        • Opcode ID: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                                                                                                                                                                                        • Instruction ID: 3d47087a7f16d5634fd5f04659b0db42c4adae634c325f0c060a05d4f58421a7
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A319E29B1A64A91EE519B02AC1067D33A4FF89BA0F594736DD1DCB394EF3CE466C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD96DEA
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD91CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6DCD96904,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD91CD7
                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD96E70
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                        • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                        • API String ID: 1717984340-876015163
                                                                                                                                                                                                                                        • Opcode ID: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                                                                                                                                        • Instruction ID: 16aca73da49b66a1911fc3872c2b252facad10fa680c54237da8bded00c576e8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3212325B08A4681EB50DB19FC5016DA772BB88BC4F584236DB4CD3BA9EE2CE562C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA78F
                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA7A4
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA7C5
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA7F2
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA803
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA814
                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F,?,?,?,00007FF6DCDA9473), ref: 00007FF6DCDAA82F
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                        • Opcode ID: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                                                                                                                                                                                        • Instruction ID: 813202fbd55215db52d80bfae9d8d18a7473009d60fce0484ea63ecc117d20aa
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB214C20F0C24A42FA5867715E4197E62625FE87A0F244737E93EC7ACADE3CA463C601
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                        • Opcode ID: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                                                                                                                                        • Instruction ID: eb9fd2c5fd58dad780a197df55c91b50d11be002bdce5c64973f8e4188b0562f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC118E21B18A4986E3508B02EC5432D62B2FB98BE4F140336EA5DC7B94CF3CD826CB40
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA907
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA93D
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA96A
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA97B
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA98C
                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF6DCDA6091,?,?,?,?,00007FF6DCDADF1F,?,?,00000000,00007FF6DCDAAA16,?,?,?), ref: 00007FF6DCDAA9A7
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                        • Opcode ID: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                                                                                                                                                                                        • Instruction ID: 8cdf20481448347f8dfac9f0352734544a5981882735c36afb90a0a2d9a88191
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A116D20B0C24A42FA5457225E5197E62928FE97B0F644737E86EC7AD6DF3CA463C601
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                        • String ID: csm$f
                                                                                                                                                                                                                                        • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                        • Opcode ID: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                                                                                                                                        • Instruction ID: d4400507400496c53d0146304c4a9d29a45d4b8936fce860d68dc5596166315e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F51D53AB0920A96D724CF11E814A7D37A5FB80B88F528272DA4F83758DF38E852C750
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                        • Opcode ID: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                                                                                                                                        • Instruction ID: d79ddc5625f99e3551fab5544bee7b334d171065b2312f6727888ced1ba9ae38
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1EF03721B0DB0A91EB148B24AC9477D6361AF897A1F644736CA6E852E4DF3CD0AAC300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                                        • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                                        • Instruction ID: b7c1e347bd1e7b3cfdbeed7fd76e76c7f357970b084b30eaeefa934c42547779
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3114F2AF58A1B42F6541128FC4537D91636F58364E28073AEA6EC76DBCE2CA863C211
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDAA9DF
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDAA9FE
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDAAA26
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDAAA37
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E,?,?,?,?,?,00007FF6DCDA1A40), ref: 00007FF6DCDAAA48
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                        • Opcode ID: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                                                                                                                                                                                        • Instruction ID: 2a4be46442e568748df569d05c6584d93ad0ddd5f85bdd8e1efc295dfef5cbb9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9117F11B0860A41FA5853219E81A7E61825FE47A0F148337E83EC7AD6DE3CE473CA01
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F), ref: 00007FF6DCDAA865
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F), ref: 00007FF6DCDAA884
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F), ref: 00007FF6DCDAA8AC
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F), ref: 00007FF6DCDAA8BD
                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6DCDB24B3,?,?,?,00007FF6DCDACCEC,?,?,00000000,00007FF6DCDA386F), ref: 00007FF6DCDAA8CE
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                        • Opcode ID: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                                                                                                                                                                                        • Instruction ID: 33d6ea7ec89b16a2deafb65a92dcd92d39f42ec88b1ed5dbffb1c3e66c3fa72d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D811D610F0920B45F9AC66754C5297E62928FE9360F284737D93ECA6D2DE3CB873CA41
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                        • Opcode ID: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                                                                                                                                        • Instruction ID: 919d3b0067aaa5d1e86086faa9c34fe7517fa8e972e60fc3cfd4331283147907
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F81C132F0C30A89F7644E29C950A7C36A0ABB1B44F5582B7EA49D7285CF7DE923D305
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                        • Opcode ID: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                                                                                                                                        • Instruction ID: 26c1dbd728bc5d5b864c9cc931e1a9eddb5978ea6e93ad55c46d488cf77648ba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06613C7AA08B498AEB50CF65D8503AD77A0FB45B8CF144226EF4D57B99CF38E166C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                        • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                                                                                                                                        • Instruction ID: 91ae8d49e9b8b1d01157c5c9a043eb033b1570a5f76d2f0ea530ff020051e441
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70518F3AB0868A86EB649F15986436C77A0FB95B94F144337DA9C87B95CF3CE472C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF6DCD927C9,?,?,?,?,?,?), ref: 00007FF6DCD92D01
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD91CB0: GetLastError.KERNEL32(?,?,00000000,00007FF6DCD96904,?,?,?,?,?,?,?,?,?,?,?,00007FF6DCD91023), ref: 00007FF6DCD91CD7
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                        • API String ID: 2776309574-1977442011
                                                                                                                                                                                                                                        • Opcode ID: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                                                                                                                                        • Instruction ID: c3600ec09fa5f723d5fd282f091e667bb7a6906c2e24eaa83449638d753f00df
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF01A725B1C64A51FA619724DC253BD1261AF5C7C0F800233D84DC62AAEE3CF127C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                                        • Opcode ID: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                                                                                                                                        • Instruction ID: d63619bca8e5a7c9eb9dfd3b1557aca2652d2de9e554352dbf004832d594819d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCD1FF72B18A8899EB10CF65D8406AC37B1FBA4798B144236CE4ED7B99DE38D027C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2505854486.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505816981.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505928632.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2505971875.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2506049581.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                        • Opcode ID: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                                                                                                                                                                                        • Instruction ID: 8ba2e925910608c853e281192acb1b5ba327b0d7c1878407962dfdf7bdebf323
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D41F622B1828A41FB61DB25A81177E66B1EB90BA4F148336EE5C87AD5DF3CD462C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DCDA8002
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F8E
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCDA9F78: GetLastError.KERNEL32(?,?,?,00007FF6DCDB1EC2,?,?,?,00007FF6DCDB1EFF,?,?,00000000,00007FF6DCDB23C5,?,?,00000000,00007FF6DCDB22F7), ref: 00007FF6DCDA9F98
                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6DCD9A485), ref: 00007FF6DCDA8020
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                        • API String ID: 3580290477-3695852857
                                                                                                                                                                                                                                        • Opcode ID: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                                                                                                                                        • Instruction ID: 9abb2f27eb1cc161721c3539e119119c7cd822d08f643543c3230d4d5f9f4128
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5414B32B08B4A86EB14AF219C404AD27A4EB947C4B544237EE4EC7B95DF3CE4A2C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                        • Opcode ID: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                                                                                                                                        • Instruction ID: 7783bac075b0bd70295fc6a93137086f116e6642ccd832fd152e778d4feaf2ff
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7641B222B18A4986EB209F65E8447AE77A0FBD8794F504232EE4DC7798DF3DD452C740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                        • Opcode ID: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                                                                                                                                                                                        • Instruction ID: e4606034f6a96dd32aff84819cd743678cca1ba17ad33f1e850b30afe9f001bd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05212832B0868985EB208B11D84466D73B2FBD8B44F494637D68DC3694CF7CE966CB50
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                        • Opcode ID: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                                                                                                                                        • Instruction ID: 009718f563a99e360ae2ae2f044aa730f5c90d5f977f3d6622099b1f5391baf2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB114F36608B4982EB508F15F84026D77A5FB88B84F184232DE8D47B55DF3DD662C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                        • Opcode ID: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                                                                                                                                        • Instruction ID: 290f522915ef461216b2e4ff7ef68a003c4f6d587aa9820ccc6f30994a0118bf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09018462B1870A85F7209F619C6167E63A0EFA4744F840237E54DC2695DF3CD567C618

                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                        Execution Coverage:1.2%
                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                        Total number of Nodes:733
                                                                                                                                                                                                                                        Total number of Limit Nodes:13
113349->113350 113351 7ff6dcda4398 _fread_nolock LeaveCriticalSection 113350->113351 113351->113347 113353->113347 113355 7ff6dcd9e431 113354->113355 113356 7ff6dcd9e403 113354->113356 113363 7ff6dcd9e423 113355->113363 113364 7ff6dcda438c EnterCriticalSection 113355->113364 113365 7ff6dcda9e44 37 API calls 2 library calls 113356->113365 113359 7ff6dcd9e448 113360 7ff6dcd9e464 72 API calls 113359->113360 113361 7ff6dcd9e454 113360->113361 113362 7ff6dcda4398 _fread_nolock LeaveCriticalSection 113361->113362 113362->113363 113363->112674 113365->113363

Control-flow Graph

[Control-flow graph figure; legend: Executed / Not Executed]

APIs
Memory Dump Source
• Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
• Instruction ID: 6a9f150d9c77d74e3eb90158f47f952d40f7f92cddb69d4f59259a4e44de5d8a
• Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
• Instruction Fuzzy Hash: 98C1D436B28A4985EB10CFA5C8906AC3772F799B98F110336DE1E97795DF38D466C300

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
Similarity
• API ID: _fread_nolock$_invalid_parameter_noinfo
• String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
• API String ID: 3405171723-4158440160
• Opcode ID: d33fb50f5f2e5480a80f1f8b9ff4d613c38e12406593b7a502615cadc3eb472b
• Instruction ID: f31e1b73365b2affcc5330b60cf2602ed0fb1d2de6e433a2ef56942bf395b7e5
• Opcode Fuzzy Hash: d33fb50f5f2e5480a80f1f8b9ff4d613c38e12406593b7a502615cadc3eb472b
• Instruction Fuzzy Hash: 0D516B76B09A0A96EB54CF24D86027C73A1FB48B88B508637DA1DC7799DF3CE562C740

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
Similarity
• API ID:
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 0-3659356012
• Opcode ID: 293740027c0754315229e77630c3fcf24aeeb13aab9dfad63d36ceaa1b3bb68c
• Instruction ID: 84e3ef44cd931de6c2ee74e7be59074af3b249059ac95e991ee9b77e548dd079
• Opcode Fuzzy Hash: 293740027c0754315229e77630c3fcf24aeeb13aab9dfad63d36ceaa1b3bb68c
• Instruction Fuzzy Hash: EF416D65B08A4B81EA24EB11EC606BEA3B1EB487D0F544633DE4D87B55EE3CE563C300

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                        control_flow_graph 278 7ff6dcd91000-7ff6dcd927b6 call 7ff6dcd9e3e0 call 7ff6dcd9e3d8 call 7ff6dcd967c0 call 7ff6dcd9a130 call 7ff6dcda4310 call 7ff6dcda4f7c call 7ff6dcd91af0 294 7ff6dcd928ca 278->294 295 7ff6dcd927bc-7ff6dcd927cb call 7ff6dcd92cd0 278->295 296 7ff6dcd928cf-7ff6dcd928ef call 7ff6dcd9a100 294->296 295->294 301 7ff6dcd927d1-7ff6dcd927e4 call 7ff6dcd92ba0 295->301 301->294 304 7ff6dcd927ea-7ff6dcd927fd call 7ff6dcd92c50 301->304 304->294 307 7ff6dcd92803-7ff6dcd9282a call 7ff6dcd95af0 304->307 310 7ff6dcd9286c-7ff6dcd92894 call 7ff6dcd960f0 call 7ff6dcd919d0 307->310 311 7ff6dcd9282c-7ff6dcd9283b call 7ff6dcd95af0 307->311 321 7ff6dcd9289a-7ff6dcd928b0 call 7ff6dcd919d0 310->321 322 7ff6dcd9297d-7ff6dcd9298e 310->322 311->310 317 7ff6dcd9283d-7ff6dcd92843 311->317 319 7ff6dcd9284f-7ff6dcd92869 call 7ff6dcda4138 call 7ff6dcd960f0 317->319 320 7ff6dcd92845-7ff6dcd9284d 317->320 319->310 320->319 335 7ff6dcd928f0-7ff6dcd928f3 321->335 336 7ff6dcd928b2-7ff6dcd928c5 call 7ff6dcd91c50 321->336 326 7ff6dcd92990-7ff6dcd9299a call 7ff6dcd924a0 322->326 327 7ff6dcd929a3-7ff6dcd929bb call 7ff6dcd96db0 322->327 338 7ff6dcd929db-7ff6dcd929e8 call 7ff6dcd94fa0 326->338 339 7ff6dcd9299c 326->339 340 7ff6dcd929ce-7ff6dcd929d5 SetDllDirectoryW 327->340 341 7ff6dcd929bd-7ff6dcd929c9 call 7ff6dcd91c50 327->341 335->322 337 7ff6dcd928f9-7ff6dcd92910 call 7ff6dcd92de0 335->337 336->294 349 7ff6dcd92912-7ff6dcd92915 337->349 350 7ff6dcd92917-7ff6dcd92943 call 7ff6dcd96360 337->350 351 7ff6dcd92a36-7ff6dcd92a3b call 7ff6dcd94f20 338->351 352 7ff6dcd929ea-7ff6dcd929fa call 7ff6dcd94c40 338->352 339->327 340->338 341->294 353 7ff6dcd92952-7ff6dcd92968 call 7ff6dcd91c50 349->353 362 7ff6dcd92945-7ff6dcd9294d call 7ff6dcd9e60c 350->362 363 
7ff6dcd9296d-7ff6dcd9297b 350->363 359 7ff6dcd92a40-7ff6dcd92a43 351->359 352->351 361 7ff6dcd929fc-7ff6dcd92a0b call 7ff6dcd947a0 352->361 353->294 365 7ff6dcd92af6-7ff6dcd92afe call 7ff6dcd92330 359->365 366 7ff6dcd92a49-7ff6dcd92a56 359->366 378 7ff6dcd92a2c-7ff6dcd92a31 call 7ff6dcd949f0 361->378 379 7ff6dcd92a0d-7ff6dcd92a19 call 7ff6dcd94730 361->379 362->353 363->326 374 7ff6dcd92b03-7ff6dcd92b05 365->374 370 7ff6dcd92a60-7ff6dcd92a6a 366->370 371 7ff6dcd92a73-7ff6dcd92a75 370->371 372 7ff6dcd92a6c-7ff6dcd92a71 370->372 376 7ff6dcd92ac1-7ff6dcd92ad6 call 7ff6dcd92490 call 7ff6dcd922d0 call 7ff6dcd92480 371->376 377 7ff6dcd92a77-7ff6dcd92a9a call 7ff6dcd91b30 371->377 372->370 372->371 374->294 380 7ff6dcd92b0b-7ff6dcd92b42 call 7ff6dcd96080 call 7ff6dcd95af0 call 7ff6dcd94540 374->380 402 7ff6dcd92adb-7ff6dcd92af1 call 7ff6dcd949f0 call 7ff6dcd94f20 376->402 377->294 390 7ff6dcd92aa0-7ff6dcd92aab 377->390 378->351 379->378 391 7ff6dcd92a1b-7ff6dcd92a2a call 7ff6dcd94df0 379->391 380->294 403 7ff6dcd92b48-7ff6dcd92b7d call 7ff6dcd92490 call 7ff6dcd96130 call 7ff6dcd949f0 call 7ff6dcd94f20 380->403 394 7ff6dcd92ab0-7ff6dcd92abf 390->394 391->359 394->376 394->394 402->296 416 7ff6dcd92b7f-7ff6dcd92b82 call 7ff6dcd95df0 403->416 417 7ff6dcd92b87-7ff6dcd92b91 call 7ff6dcd91ab0 403->417 416->417 417->296
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD92CD0: GetModuleFileNameW.KERNEL32(?,00007FF6DCD927C9,?,?,?,?,?,?), ref: 00007FF6DCD92D01
                                                                                                                                                                                                                                        • SetDllDirectoryW.KERNEL32 ref: 00007FF6DCD929D5
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: GetEnvironmentVariableW.KERNEL32(00007FF6DCD92817,?,?,?,?,?,?), ref: 00007FF6DCD95B2A
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD95AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD95B47
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                        • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                        • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                                        • Opcode ID: 6ffaa7b6753284d36b7d0e83ed7552fa0ea6ef6719caab17f4e9f655f6ece649
                                                                                                                                                                                                                                        • Instruction ID: 98d5e7d401754daff819410f59658d840ac039d567c9ef9137ffa791faed1c8a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ffaa7b6753284d36b7d0e83ed7552fa0ea6ef6719caab17f4e9f655f6ece649
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3FC1952AB1D68B55FA25AB219C702FD6391BF44784F404233EA4DC769AEF2CE527C740

                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                        • API String ID: 0-1655038675
                                                                                                                                                                                                                                        • Opcode ID: 1d16528b1df1dfe657f4e37cc9f4127d49f1d24143a33f9dbcb2412e5f89ac10
                                                                                                                                                                                                                                        • Instruction ID: 618e29be03fa10d9aa74cd99ccf574d5769b4d6e49720c729a84f48a335707c0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d16528b1df1dfe657f4e37cc9f4127d49f1d24143a33f9dbcb2412e5f89ac10
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0551C226B0C68A85EA60AB51AC603BE62A1FB89794F444333DD4DC7785EE3CE567C700

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 6ace3fbad8ddd1cd05ed41dddf3a6c6a2c6962649ba5052cc4813f441b9b9292
                                                                                                                                                                                                                                        • Instruction ID: 35429a853d7fd845f572f59b1eabc97a7ea8b901414c0c6c683f57eb138cecba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ace3fbad8ddd1cd05ed41dddf3a6c6a2c6962649ba5052cc4813f441b9b9292
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73C1D432B0C68AA5E7208B559840ABE3761EBE1B80F554337DA4DC3791CE7DE867C720

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6DCDAC57B), ref: 00007FF6DCDAC6AC
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6DCDAC57B), ref: 00007FF6DCDAC737
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                        • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                                        • Instruction ID: 33fc9d9aba2d5ca529846864229ffa71a0a164fb5ea9c088f16cc00a6b96e1db
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7491B532F1865985FB549F69884067D2BA0BBE4B98F144236DE0ED7A94DF39D453C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
• Associated: 00000003.00000002.2497437525.00007FF6DCD90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497577952.00007FF6DCDBA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDCD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDD0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497620396.00007FF6DCDDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2497776391.00007FF6DCDDE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                        • Opcode ID: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                                                                                                                                                                                        • Instruction ID: 6e39eadbe48cbf4ed00cbe09cdd4ffc9958057a96bf18e9a2b7675044b9ebbb5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6241A122E1878583E7509B60991077D7260FBE5764F109336E69C83AD6DF7CA5B2C740

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3058843127-0
                                                                                                                                                                                                                                        • Opcode ID: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                                                                                                                                                                                        • Instruction ID: f964884fbe0390106829a4d2ac8a771e1d0dcfbc825b79f3cd4b810a30919c84
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6314D1AF0C60A42FA50AB659C613BD2391AF81784F644737E90DC72D3DE3DA867C700

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                        • Opcode ID: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                                                                                                                                                                                        • Instruction ID: cc794eac67c1e13f3b28041e95e95519925e01e1a46b7f49edc8bf52d35a95d8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBD09210F0874A86EB582B709C9567D22625FA8751F20273ACC4FC6397CE3DE8AFC240

                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                                                                                                                                                                                        • Instruction ID: a8027534bfd65590c95dd72046ae59e61b62083b39c68e6dfb972e1668906f35
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84513729B096498AE7689F669C1067E6281BF84BA4F184736DD7CC3BC5DF3CD623C601
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 442123175-0
                                                                                                                                                                                                                                        • Opcode ID: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                                                                                                                                                                                        • Instruction ID: d85e7888d7ff157caa35e98ec0afb53b27c89c5bee59cbb7101b0b105611f86c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F31CE32B18A899ADB108F15E8406AD77A0FBA8790F544233EB4DC3754EE3DD466CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: FileHandleType
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3000768030-0
                                                                                                                                                                                                                                        • Opcode ID: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                                                                                                                                                                                        • Instruction ID: ee2c20e091307d93c4e2bd904838c7b6bda86bf38fd9df7eae5559fbdab9f596
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62317431B18B4A51D7608B14899057C2A50EB95BB0F68133ADB6EC73E4CF39E4B3D311
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6DCDAB750,00000000,?,?,?,00007FF6DCD91023,00007FF6DCDAB859), ref: 00007FF6DCDAB7B0
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00007FF6DCDAB750,00000000,?,?,?,00007FF6DCD91023,00007FF6DCDAB859), ref: 00007FF6DCDAB7BA
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                        • Opcode ID: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                                                                                                                                                                                        • Instruction ID: 5db352bd69a30081b5c04189d19a4bb0626f6cbd794702ad4c58676d3b300f83
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A110172B08B8681DA509B26A80406D6361EB90BF4F645332EE7D8B7D8CE7CD062C700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00007FF6DCDAA005,?,?,00000000,00007FF6DCDAA0BA), ref: 00007FF6DCDAA1F6
                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6DCDAA005,?,?,00000000,00007FF6DCDAA0BA), ref: 00007FF6DCDAA200
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                        • Opcode ID: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                                                                                                                                                                                        • Instruction ID: 036cf7084ebe08d5f0e89ce5d698d2f87a5efa07f55a4a6e92dca1de41530376
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8218121F1864B41FEA097619C9467E22929FE47A4F25433BDA2EC77C5CE7CA467CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                                                                                                                                        • Instruction ID: 27237e72f8d0cc4eadd41473b8436f194f871a33f3d36f745a28d33aa5dc161f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5141C432B0824997EA24CB19A95067D77A0EBA6B50F141333D68EC76D4CF2CE423CB61
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                        • Opcode ID: 353ffc531782c6e24f84ea1d3dc8a124cb5c868539bb9858494f70d125012c9b
                                                                                                                                                                                                                                        • Instruction ID: dd2a13ae4cd0ceeb443185c55fc633b4afabdda22c4add5f785141af53e94312
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353ffc531782c6e24f84ea1d3dc8a124cb5c868539bb9858494f70d125012c9b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D121E425B0C69A55EA509B926D207BEA650BF45FC4F8C4136EE0C87786CE3CE123C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                                                                                                                                        • Instruction ID: b5e5c1212493c43bdfbbcca15076587590be56a84650d918c1b80aac75dc20a3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D31C462F1860A81E7155B968C41B7D2690ABE4B94F510337EA1DC33D2DF7DE4A3C724
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                                        • Opcode ID: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                                                                                                                                        • Instruction ID: 322b6ee638fd36931c6f7ff6dd18496ef070cb608ad99d842d2f7249dd20f3d0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE219C32B0470A8AEB249F64CC406FC37A0EB94318F281736DA5D86AC5DF38D5A6C785
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                                                                                                                                        • Instruction ID: 567611d89a80e79597e7beda9a12690d57d8d395da456972665fe9d1d71165df
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B411C621B1CA4985EA609F419C00A7EA260BFE5B80F544637EB8CD7A86DFBDD463D740
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                                                                                                                                        • Instruction ID: b26ed1c8c2329e468c0a4832950c435b49a27462b9a921309322ae00f7d4f1ed
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4321AF32B08A8687DB618F18D84036DB6B1EB94B54F544336E65DC76D9EF3CD422CB00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                        • Opcode ID: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                                                                                                                                        • Instruction ID: 12f024d665836bef80bf7cc197101155d0918f517726b77ed6e871350405b951
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F201E125B08B5980EA44AB529C0006DA691AB96FE0F084B32EE6C97BD6CF3CD563C300
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FF6DCD96DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF6DCD96DEA
                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6DCD922DE,?,?,?,?), ref: 00007FF6DCD96333
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                                                        • Opcode ID: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                                                                                                                                        • Instruction ID: 7c5d079ddf501e6c61c3619e25b3b4aa9d160be47b44c2348b8d734c04b9e187
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75E08611B1454542DA589767AD1646EA251EF88BC0B589136DE0D87759DD3CD4A28B00
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2498738878.00007FFD93EF1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFD93EF0000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffd93ef0000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Free
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3978063606-0
                                                                                                                                                                                                                                        • Opcode ID: 14d74f85b2e8baa3e8438b1fa0a53a8a1fdd96c28c0e610460e55e5a27636721
                                                                                                                                                                                                                                        • Instruction ID: a396edf1bdc8caad5e0b9fa7dd48b8faab05dc934d5f9376215a5f7faeb610b5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14d74f85b2e8baa3e8438b1fa0a53a8a1fdd96c28c0e610460e55e5a27636721
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CC01265F0500787E7182379CCB616E11545F45710F908038E00EC6692DD0D5959D700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF6DCDAAA16,?,?,?,00007FF6DCDA9BD3,?,?,00000000,00007FF6DCDA9E6E), ref: 00007FF6DCDADF0D
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2497492436.00007FF6DCD91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6DCD90000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff6dcd90000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                        • Opcode ID: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                                                                                                                                                                                        • Instruction ID: 2231ca06321b8b36e7baad2e4ac933e18a680e3e5ef1076cb2623e58681b4faf
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BF04944B0A24B80FE595B625C10ABE22A15FE8B40F5C4633DA0EC62D5DE3CE6A3C220
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FFDA33B7419), ref: 00007FFDA33BCC8D
                                                                                                                                                                                                                                        • ERR_put_error.LIBCRYPTO-1_1(?,?,?,00000000,00000000,00007FFDA33B7419), ref: 00007FFDA33BCCDC
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 9dbc1932825bec72384a2af88c9ee988da92eb91aa5f68dea2841f60397d5dbb
                                                                                                                                                                                                                                        • Instruction ID: 7a0aa71b76016b67efa19de214d80e3f28c6a3092a2a400c9216e03f467d0eba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9dbc1932825bec72384a2af88c9ee988da92eb91aa5f68dea2841f60397d5dbb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9E1D522B0EF4282FA20FF15E4246A96792EB81794F804135EA5D5B7D7CF3EE545C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
Similarity
• API ID: O_mallocR_put_error
• String ID: ..\s\ssl\ssl_ciph.c$3DES(168)$AEAD$AES(128)$AES(256)$AESCCM(128)$AESCCM(256)$AESCCM8(128)$AESCCM8(256)$AESGCM(128)$AESGCM(256)$ARIAGCM(128)$ARIAGCM(256)$CHACHA20/POLY1305(256)$Camellia(128)$Camellia(256)$DES(56)$DHEPSK$ECDH$ECDHEPSK$GOST$GOST2012$GOST89$GOST89(256)$GOST94$IDEA(128)$MD5$None$PSK$RC2(128)$RC4(128)$RSA$RSAPSK$SEED(128)$SHA1$SHA256$SHA384$SRP$any$unknown
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
Similarity
• API ID: X_new$R_flagsR_key_lengthX_freeX_reset
• String ID: ..\s\ssl\t1_enc.c$x
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
Similarity
• API ID: O_free$R_put_error$D_lock_freeD_read_lockD_unlockL_cleanse$D_lock_newL_sk_pop_freeO_clear_freeO_free_ex_dataO_new_ex_dataO_zallocX509_free_time64memcpymemset
• String ID: $..\s\ssl\ssl_sess.c$T
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
Similarity
• API ID: Y_free$H_freeH_get0_keyO_freeX_freeX_newY_assignY_get0_Y_get1_tls_encodedpointY_newY_security_bits
• String ID: ..\s\ssl\statem\statem_srvr.c$g
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
Similarity
• API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbyname
• String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$R_put_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_newX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server
                                                                                                                                                                                                                                        • API String ID: 4052934069-2466788060
                                                                                                                                                                                                                                        • Opcode ID: d40ce3805cd5177f50e15a12f191cf06435b50a5fcd7fb50a6a53f476776bff0
                                                                                                                                                                                                                                        • Instruction ID: c76b0b2861fbefd271dc68b0eda3cd9f8b72f8604e8b87b6c792f4228e12afa3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d40ce3805cd5177f50e15a12f191cf06435b50a5fcd7fb50a6a53f476776bff0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53613E61B0FB4281EA44FF6195642BA6393AF85BC4F844435DD4DAB79BDE3EE801C708
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
                                                                                                                                                                                                                                        • API String ID: 1767461275-1115027282
                                                                                                                                                                                                                                        • Opcode ID: b8d235ada44b495f59553c9ff87977e147138e6ef8b045bf024c69b094ff3bc8
                                                                                                                                                                                                                                        • Instruction ID: 6fba3e5ec463e034396abeb5e55e15bdc1645faab57658c9e5111009c81b62b0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8d235ada44b495f59553c9ff87977e147138e6ef8b045bf024c69b094ff3bc8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BDA13921B0FF4291FB51AF21D0653A936A2EF44B48F440139DA4D6A39BEF7EE944C718
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_dupN_free$O_freeO_strdup$R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                        • API String ID: 2900198586-1778748169
                                                                                                                                                                                                                                        • Opcode ID: a64d1e69da25e315c89efc7acee8e595723de1b93ca4a074f4fb6b34d671ce62
                                                                                                                                                                                                                                        • Instruction ID: f9fb6328046d2e94a526fa448698e41303ecf9d260b3438cc8e1f4693b573f47
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a64d1e69da25e315c89efc7acee8e595723de1b93ca4a074f4fb6b34d671ce62
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81A14A22F0FF8281EA55EF25D4203B863A1FF84B44F884136DE8C5B356DF6EA5918754
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$L_sk_free$L_sk_pop_free$E_free$D_lock_freeE_finishH_freeO_free_ex_dataO_secure_freeX509_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 4271332762-1080266419
                                                                                                                                                                                                                                        • Opcode ID: a10a9f8bd0412b9d50dc06384b695cf06d918501ec2b0ae83b6a1ffd425cc84c
                                                                                                                                                                                                                                        • Instruction ID: 637aae2c721bf91a7035e7ad7cc7699fce153c9a1e1cf03294747682455f0ae5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a10a9f8bd0412b9d50dc06384b695cf06d918501ec2b0ae83b6a1ffd425cc84c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F041FD61B0FE8291EB41BF25D4757E82322EF84B88F445131E90D6F3ABCE6AE545C318
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_set_init$O_clear_flagsO_get_dataR_put_error$O_freeO_get_initO_pushO_set_nextO_set_shutdownO_up_refO_zalloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\bio_ssl.c$=
                                                                                                                                                                                                                                        • API String ID: 2608601196-3341019427
                                                                                                                                                                                                                                        • Opcode ID: 52d0ef611ae0db7b5c93ab95d0e0b6a82408f9aafce4d9674ef5d81094a148ff
                                                                                                                                                                                                                                        • Instruction ID: 79e81daef1cb9f9724a1a7e5f58a64fdab9137e60efca5190dffa22cace2202f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52d0ef611ae0db7b5c93ab95d0e0b6a82408f9aafce4d9674ef5d81094a148ff
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86316B11B0FB5682FA15FA6795361B952835F86BD0F804131EC1D2FB9BEE2EE5068348
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcmp$memcpy$O_clear_freeO_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_enc.c$client finished$extended master secret$key expa$master s$n$nsio$server finished
                                                                                                                                                                                                                                        • API String ID: 1314788138-2209449699
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_freeY_free$DigestSign$InitO_memcmpP_sha256X_newY_new_raw_private_key
                                                                                                                                                                                                                                        • String ID: $..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                                        • API String ID: 1001666065-1533168471
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeX_freeX_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                        • API String ID: 419883019-2839845709
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                        • API String ID: 3070725730-1778748169
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1068509327-1507966698
                                                                                                                                                                                                                                        • Opcode ID: 33a8604e3e734f3de0071903ef926e989e1ee882b764758f265f05e998f439aa
                                                                                                                                                                                                                                        • Instruction ID: 0038e0f8b96970dbca729a61470568293ab2f753a0b048d65de90308d169e29a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33a8604e3e734f3de0071903ef926e989e1ee882b764758f265f05e998f439aa
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BEE1B432B0EB8186E720AB15D4607A97B92EF44BC8F044535DE8D5BB9ACF3EE551CB04
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$X_free$memcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                        • API String ID: 1711549817-3140652063
                                                                                                                                                                                                                                        • Opcode ID: f91135484fb83f554bd2d771069b0643860c2c41a78ebef891c7ccd5b1ce1bd7
                                                                                                                                                                                                                                        • Instruction ID: ac5f5831a5d697001d3e50b87da796e63c26decd5a9bf4f42ceb239e88b2ddf0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f91135484fb83f554bd2d771069b0643860c2c41a78ebef891c7ccd5b1ce1bd7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3F1B132B0DA8186E724AF21D4603BC37A2FB44798F184035EE8D6BB96CF3AD595C744
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_iv_length
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
                                                                                                                                                                                                                                        • API String ID: 507009519-1371881060
                                                                                                                                                                                                                                        • Opcode ID: dae07bbd3662d4aa9ee56d32344ef056f71b635177ab2fb19e35e397fd50abcf
                                                                                                                                                                                                                                        • Instruction ID: b00e92c01eceb22bdc4ce4888dcf22a39bcffb6b591843a18a3ca0605fa455e4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dae07bbd3662d4aa9ee56d32344ef056f71b635177ab2fb19e35e397fd50abcf
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85E1B122F0EAC18AE720AB65E0203BD77A2FB45748F048535DE4DA7B9ADF3AD551C704
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$memcpy$N1_item_free$O_strndupR_put_errorX509_free_time64
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                                                                        • API String ID: 3876440904-3659835543
                                                                                                                                                                                                                                        • Opcode ID: 8b3a8fca45320b57d52df8c2ae94b5a570b7f776b7375ce56eb42ac67dc89b93
                                                                                                                                                                                                                                        • Instruction ID: 8963043899e5dcd7816a48222bca0ca30a642eb3084aa66947832b81681554f9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b3a8fca45320b57d52df8c2ae94b5a570b7f776b7375ce56eb42ac67dc89b93
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4D12C32B0AB8681EB54EF25D4A46AC33A2FB45B44F484435DE4EAB796DF3BE450C314
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_sizeX_md
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                        • API String ID: 3984586431-2721125279
                                                                                                                                                                                                                                        • Opcode ID: 665f4692fee0aafa128237a423928d7ade590b1bc58e1f5d8c8e4e505b0eef55
                                                                                                                                                                                                                                        • Instruction ID: 3dd745b1b658240486c2743aac09101abb607e8db0cf7eb726885e7ba6949851
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 665f4692fee0aafa128237a423928d7ade590b1bc58e1f5d8c8e4e505b0eef55
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45C18032B0EE42C5EB60AF21D8247AD3796EB44B88F440132DA4D6B796DF3EE545C718
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$D_sizeDigestO_mallocP_sha256_time64
                                                                                                                                                                                                                                        • String ID: !$..\s\ssl\statem\statem_clnt.c$resumption
                                                                                                                                                                                                                                        • API String ID: 1034084170-1543118774
                                                                                                                                                                                                                                        • Opcode ID: 0b1cda9164ceff43c224b0bf4b5dd04e546f4e76838c59cc5ea61f6fb5501721
                                                                                                                                                                                                                                        • Instruction ID: d0db379dd5157f9ea2142be0cfbed6eb068fb115c8b6a9a974aa53625ca98f06
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b1cda9164ceff43c224b0bf4b5dd04e546f4e76838c59cc5ea61f6fb5501721
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DE19E72B0DA8185E720AB15E4A43ADBBA2FB84BC4F048535DA8C97796DF3FD584C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_free$O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                        • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                        • Opcode ID: 66b18fd481b2d86ea74e6fe59f53d003863e67a7d2d84cadbfbd2456b6f4df2e
                                                                                                                                                                                                                                        • Instruction ID: 48d7d86a81850b304bf0b853c193fc828da9589ab250c4e0688fe7fe5d71d6ee
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 66b18fd481b2d86ea74e6fe59f53d003863e67a7d2d84cadbfbd2456b6f4df2e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD211B16E1EA8281E750FB26C8613F81361FF94B48F495231AD4C5E257DFAEA1C18798
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_free$Y_free$L_cleanseO_free$N_bn2binN_num_bits
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 407376196-1507966698
                                                                                                                                                                                                                                        • Opcode ID: c01609528a04b4fdc2a7a3cbb955f5004199c62805ae4c7326b587a6c5de83ab
                                                                                                                                                                                                                                        • Instruction ID: 20239222e9a3721106e9b947d940d606441fd8bcac54a9643df32878853ae4d0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c01609528a04b4fdc2a7a3cbb955f5004199c62805ae4c7326b587a6c5de83ab
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0B19F72B1EB4281FB60AB12D4647BD6792EB84BC4F044531DE4D6BB9ACF3EE1418708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_clear_free$N_num_bitsO_clear_freeO_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                        • API String ID: 2929032726-1778748169
                                                                                                                                                                                                                                        • Opcode ID: 48bad1fa5dc3c7ca6bfccabbc63b572ade55c78cf39ce679dc009b5120da3706
                                                                                                                                                                                                                                        • Instruction ID: 7f5f7750caf5efcd5412d3cfa4a37cecb54899cf935377d92856ffbbfd56fc1e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48bad1fa5dc3c7ca6bfccabbc63b572ade55c78cf39ce679dc009b5120da3706
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66519F72B0FF4281EA14BB16A5642A96692FF45BC4F840036DF5D2B78ADF3DE111C748
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2649524955-4238427508
                                                                                                                                                                                                                                        • Opcode ID: 3aa634259ee7622d76777a977971d33b8c495ba64d48e68a9b732cad8be298fb
                                                                                                                                                                                                                                        • Instruction ID: db4a43f68f04dd4c640e8e5d9296e8639e12b58be3d0914781757864779faa17
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3aa634259ee7622d76777a977971d33b8c495ba64d48e68a9b732cad8be298fb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9251BC22B0AB8182EB54AB16E4546AA7BA5FB44FC4F444532DF8D5B766CF3ED052C308
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freememcpy$O_zalloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 150470908-348624464
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: $..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 0-745226041
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA33DC17E), ref: 00007FFDA33DB438
                                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA33DC17E), ref: 00007FFDA33DB447
                                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA33DC17E), ref: 00007FFDA33DB45B
                                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA33DC17E), ref: 00007FFDA33DB46F
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_cleanseO_clear_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 778410385-1507966698
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Y_derive$O_clear_freeO_mallocX_freeX_newY_derive_initY_derive_set_peer
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2104848214-4238427508
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 3616133153-1080266419
                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_unlockD_write_lockH_deleteH_retrieveO_clear_flagsO_freeO_set_flagsO_snprintfR_add_error_datamemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c$SSL alert number
                                                                                                                                                                                                                                        • API String ID: 928870745-720991377
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_memdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3545228654-302083090
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_memcmpO_strndupmemchr
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$C:\A\39\s\ssl\packet_local.h$k
                                                                                                                                                                                                                                        • API String ID: 2294304191-2519752435
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\bio_ssl.c$=
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_zalloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$gfffffff$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_bytesD_sizeO_freeO_memdup_time64
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$resumption
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                        • API String ID: 3962629258-3973221358
                                                                                                                                                                                                                                        • Opcode ID: 8298374545609234093b5f0c2f1543578b1308b34e428511ee5e4fa22cdd8b7a
                                                                                                                                                                                                                                        • Instruction ID: 4867917ad33d4047b5e5648a853ce3501ac2e45c10b4b13d6f175c351035c801
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8298374545609234093b5f0c2f1543578b1308b34e428511ee5e4fa22cdd8b7a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1417F32B0FF4281EB51EB52E4645A9A3A6FB44B84F454432DE8C57B96EF7ED081C308
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$X_free$memcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                        • API String ID: 1711549817-3140652063
                                                                                                                                                                                                                                        • Opcode ID: 302d39c590a0a9276f345f82c954a845299eb4e79095332c3ca9414f53600b3f
                                                                                                                                                                                                                                        • Instruction ID: 54cb11c3673c7d160e001463ac9ffa20c0ad4b03315f3a7206884dcdcd15807c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 302d39c590a0a9276f345f82c954a845299eb4e79095332c3ca9414f53600b3f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13415221B0EA4281EA14BB26E4613B923A2FF84F94F145031EF4DAB797DE7ED441C348
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                        • Opcode ID: 87a1332b69d61cb5022367153df2b70d0bba5b24abea66f2bac0290d2a7c5c6d
                                                                                                                                                                                                                                        • Instruction ID: 76c7e4555037f7b22b3ec131c03d60c73b64c79fa5008991cf9c547ed57cd67a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87a1332b69d61cb5022367153df2b70d0bba5b24abea66f2bac0290d2a7c5c6d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17412F11B1AF4281EA54BB26D5B127C6362FF89B88F145131EE0D6B797EF2AE491C304
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c$B
                                                                                                                                                                                                                                        • API String ID: 3411496311-1824687510
                                                                                                                                                                                                                                        • Opcode ID: 40d387c2de7f0e6f9d7805c3e1f707931e4845228649f3cf0314503780457739
                                                                                                                                                                                                                                        • Instruction ID: 955b2124c374fc92324751381dbc24a5f906aca2b9195b810ed8a696c7ce9d4e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40d387c2de7f0e6f9d7805c3e1f707931e4845228649f3cf0314503780457739
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7117C71B0BB4282EB51AF20D4247E92792EF45708F840435DA4C5A396EF7EE685C708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                                                        • API String ID: 3531300166-4039210333
                                                                                                                                                                                                                                        • Opcode ID: 73c90e96303895f2f4835d9abe6534749fff504bcc8c1f7399d069dcf87a4287
                                                                                                                                                                                                                                        • Instruction ID: af44479d1805be394fd3a856f42321ffd6e476d09b93af4cf6d88e759e86068c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73c90e96303895f2f4835d9abe6534749fff504bcc8c1f7399d069dcf87a4287
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71017C15F0FB4281FA54FA62697627802835F85790F481130FE1EAE7CBEE1EE4918208
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_cleanse$O_freeO_memcmpO_memdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 2249876211-592572767
                                                                                                                                                                                                                                        • Opcode ID: c11da142d16653847a7a2e79b91ce392af592909020ee0d808ac56544ce73f19
                                                                                                                                                                                                                                        • Instruction ID: 46ecdc011cf09e8caa97facb589465e67074d256a337747d0beff50d5d716f09
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c11da142d16653847a7a2e79b91ce392af592909020ee0d808ac56544ce73f19
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0D1C932B0EE8282E760AB65E4643BE67A6FB84788F040135DE4D67796DF3ED548C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • EVP_PKEY_get0_RSA.LIBCRYPTO-1_1(?,?,?,?,00007FFDA33F1AFA), ref: 00007FFDA33F02EA
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Y_get0_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 2256133966-348624464
                                                                                                                                                                                                                                        • Opcode ID: aa271700619a1713e3fe6b2b4ff5684677fdac254300c4914ad5e50be8c81451
                                                                                                                                                                                                                                        • Instruction ID: 09a4342269f8b5d795e05a07d421985362cb85f5ea15f13d42ab0d9f8563ee18
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa271700619a1713e3fe6b2b4ff5684677fdac254300c4914ad5e50be8c81451
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8A16C3271EA9186E7209B25D42077EB792FB84784F804134EA8D9BB87DF3ED545CB04
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 0-1839494539
                                                                                                                                                                                                                                        • Opcode ID: 610ebe26e093a2bd35219fabe36174a544eed68bdeb4aa99b947d60b71ddfbd5
                                                                                                                                                                                                                                        • Instruction ID: 73dc74ac9f492185903e95071fd5893be912d21346691105939cfcac882be84f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 610ebe26e093a2bd35219fabe36174a544eed68bdeb4aa99b947d60b71ddfbd5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3751BC32B0AB8196EB54AB25E0943AD77A1FB88B80F144132DF8C57765DF3AD0A5CB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2513334388-1643863364
                                                                                                                                                                                                                                        • Opcode ID: c63a80d7061727ee51686a87ef53ab217b9c5ad2ffc3a1ba7b5b0923cfb23b2a
                                                                                                                                                                                                                                        • Instruction ID: 438bd32b4c187657e2a6d68308c251ecde0aa6499b7dbc4e8312e9831657a51a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c63a80d7061727ee51686a87ef53ab217b9c5ad2ffc3a1ba7b5b0923cfb23b2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1312531B0FA4285EB28EF21E4206AA6752EF447C0F844130DE4D5F796DEBEE545C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_bin2bnN_is_zeroN_ucmpO_freeO_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 3996552382-348624464
                                                                                                                                                                                                                                        • Opcode ID: 620ef236bf86c8bf6acc5284d31ec11c4d7888f404dc5e9573973a97aa45848c
                                                                                                                                                                                                                                        • Instruction ID: 1e6688e71cd68e079007aecc3e29fcd7d6cc59e645c027adc5b100af647b5b3c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 620ef236bf86c8bf6acc5284d31ec11c4d7888f404dc5e9573973a97aa45848c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E931B33270EE4281EB50AF25E46477EA7A2EB84B84F944130DE4C5F796DE3ED5518704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2513334388-1643863364
                                                                                                                                                                                                                                        • Opcode ID: a8ad371fa0241b77831bd8664b17a1c0086d08964f2749666c9c55dc867c5f74
                                                                                                                                                                                                                                        • Instruction ID: 9ec50b130c08277531ca956098c433d8dd92deaf28f0f74f64635d2330cd206e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8ad371fa0241b77831bd8664b17a1c0086d08964f2749666c9c55dc867c5f74
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21317E32B0FB8285E764AF11E4207AA7396EB44784F840135DE8D5BB5ADF3EE509C709
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_put_errormemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 92311482-1643863364
                                                                                                                                                                                                                                        • Opcode ID: 063a8dad6b19079705af0f3c0fbb20910368802de4db5d75ca0e7bbb3eeba486
                                                                                                                                                                                                                                        • Instruction ID: fdd6b23119a91f0aa79bface0527ba7a78f5749550dde98bfd931cd82708081b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 063a8dad6b19079705af0f3c0fbb20910368802de4db5d75ca0e7bbb3eeba486
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C521C231B0EF8284E710AF12E8202AA6752EB44BC0F940031EE4C5FB9ADF7DE1098708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrl
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3605655398-0
                                                                                                                                                                                                                                        • Opcode ID: 81b0fb9b52ab2903561be239d9f753dcdec20b238c41afb9f6860bf36cef8689
                                                                                                                                                                                                                                        • Instruction ID: 5848665fe7a7b8eb24795c1c74032afe173ac53f92c6cb32a78e2b16cd445184
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81b0fb9b52ab2903561be239d9f753dcdec20b238c41afb9f6860bf36cef8689
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE316332B1EB8582DB98BB65E6B5BFD2292EB88B80F444034DE0D97752DF29D4508704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$p
                                                                                                                                                                                                                                        • API String ID: 3211362174-2468000666
                                                                                                                                                                                                                                        • Opcode ID: 703dd52f682a159cbc35d44800316adb1e99d9055ab9772dc77e70ed5fb21315
                                                                                                                                                                                                                                        • Instruction ID: af8418169f547b372a7a68c37aa40091628460962310fa39a5c35c4857e657c0
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 703dd52f682a159cbc35d44800316adb1e99d9055ab9772dc77e70ed5fb21315
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7371B832B0EB4189E7A0AF29D4643BD27A2EB80B94F180135DE4D57796CF7EE585C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_bytesO_freeO_malloc
                                                                                                                                                                                                                                        • String ID: $..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 693915670-1632442243
                                                                                                                                                                                                                                        • Opcode ID: 314b6c8f202e56f70c0b8c6c3ba749280f00dffbb6669af19754288d6920ca7b
                                                                                                                                                                                                                                        • Instruction ID: 98d72cb565c61605a383e55569a578ca91956cbe9e2475cfba02b8ab0b860d04
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 314b6c8f202e56f70c0b8c6c3ba749280f00dffbb6669af19754288d6920ca7b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A518961B0DA4285FB50BA1295313BD62D2EF45BC8F284031EE4D6B7D7DF2EE4418708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_memdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3545228654-2418901416
                                                                                                                                                                                                                                        • Opcode ID: 9c7a1bcc945c97f83efa6bdcfd39cdec11f009fbcc39ff28fccbc156eb75ca01
                                                                                                                                                                                                                                        • Instruction ID: 1e4c4f66bef3095cabcdeb5d42110e5dd8f3155278779d609d56db03d94cd529
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c7a1bcc945c97f83efa6bdcfd39cdec11f009fbcc39ff28fccbc156eb75ca01
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8451B332B1DF8281E7609B24E4507A977A2FB85784F448131DA9C67B9ACF7EE241C704
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_unlock$D_read_lockmemset
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                        • API String ID: 229716220-2868363209
                                                                                                                                                                                                                                        • Opcode ID: ada67ddd12826750ba2962d50212b2a506733ca49848e0e80b125abab7ac3e41
                                                                                                                                                                                                                                        • Instruction ID: 3ec5550841cc06ae670637e2923f5aa13fcc2e15176f2919201c749b971b18c9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ada67ddd12826750ba2962d50212b2a506733ca49848e0e80b125abab7ac3e41
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6512731B1DE81C1E765AB28E4253A963A1FB84B84F040031EB4C2BB96CF6FD555C708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memdup$O_freememcmp
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 590648765-348624464
                                                                                                                                                                                                                                        • Opcode ID: 73121a86fe9494e8c4a57d1a5897c82d3bb8832e4f3733d0b38b49ba047da705
                                                                                                                                                                                                                                        • Instruction ID: 6a8c944569aac6b8d75052d068a7f1166562a1d8693f2c4523a918c954d068c3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73121a86fe9494e8c4a57d1a5897c82d3bb8832e4f3733d0b38b49ba047da705
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F519F7270EB8181E7509B11E4642AD77E1FB84B84F184132EE8C5B79ACF7DD686CB14
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_reallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 6b0888489219d8b4d47e01765275076ddce6352c25599570ec406f35ee23ade0
                                                                                                                                                                                                                                        • Instruction ID: 26ffcbcde08410ce88aee497bf46c3e99c5a53dad61dc9bc7ed8ab1b4cfa5ebe
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b0888489219d8b4d47e01765275076ddce6352c25599570ec406f35ee23ade0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2312022B0EB85A6E615DF24A8103B96791FB44788F440132EE9C277A2DF3EE556C708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 2581946324-302083090
                                                                                                                                                                                                                                        • Opcode ID: 333701f432d6005e54ba6f97bcd5682f95dae66810143f891ea687c9c5120008
                                                                                                                                                                                                                                        • Instruction ID: dcd8a4c302ef448017805f7f72759166f64984061612d059fed1019aef3ca3da
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 333701f432d6005e54ba6f97bcd5682f95dae66810143f891ea687c9c5120008
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7341B332F2EE9085F710AB11E4107A9A7A2FB44784F444131FA8C27B96DF7DE5908B04
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$Y_freeY_get1_tls_encodedpoint
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 4042585043-592572767
                                                                                                                                                                                                                                        • Opcode ID: b2c74bf334221d04c2abb0be280dea838928a23d3169f746b8b1ae0b7a47ed79
                                                                                                                                                                                                                                        • Instruction ID: aa40b790f7c007eb648cb65374730781cf0a6ea780be251fc9adc40bcb3bffc1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2c74bf334221d04c2abb0be280dea838928a23d3169f746b8b1ae0b7a47ed79
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A941B321B0EF5181E720AB56E46437A67A2FB85BC0F444035EE8C6BB9BCF7ED5458708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_reallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 7f4aeb4df5acefc52c56f3a74b5e75b2116b7e5dc27facaf9ba9ffa48536a5ef
                                                                                                                                                                                                                                        • Instruction ID: 2f8b1beb58c486e027b92d9cde8abc693c459e0a1194bc948fc7322df672f84a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f4aeb4df5acefc52c56f3a74b5e75b2116b7e5dc27facaf9ba9ffa48536a5ef
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0931D03274AB8286EB21EF25E8106AD7BA5FB44B88F444031EE9D57796CF3EE441C704
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_memdupR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 864655289-1080266419
                                                                                                                                                                                                                                        • Opcode ID: dbac8aa0f26d75883ef7254af84799de7727b2bfc8ba88109d55f4e741a12b7e
                                                                                                                                                                                                                                        • Instruction ID: 9f50586b7ea80c35d76f65c912107fbef5ef88abfd9a7305f2ca1c01c224968a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbac8aa0f26d75883ef7254af84799de7727b2bfc8ba88109d55f4e741a12b7e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E521C832B1FB9282F7509F20E42476977A2EB80784F580031DE4C67B96DF2EE146C718
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_run_once$R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_init.c
                                                                                                                                                                                                                                        • API String ID: 511881677-1166085723
                                                                                                                                                                                                                                        • Opcode ID: 280c4d8acf95806631c6dfe4c17a0f71496c1cb5f90559f88332a5a81696dff4
                                                                                                                                                                                                                                        • Instruction ID: a681385eddf49540c52f0709674e91593a375186021588bb840249a8b81c7f2b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 280c4d8acf95806631c6dfe4c17a0f71496c1cb5f90559f88332a5a81696dff4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45212321B0FA128AFB44AB55E8716B62393EF90354F884134E90DA7397DE7EE945C608
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_put_errormemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                        • API String ID: 92311482-2868363209
                                                                                                                                                                                                                                        • Opcode ID: 780a9ea53ba4cc3ec3838c0ac23432b81ccb980f177868319078a031fe36c793
                                                                                                                                                                                                                                        • Instruction ID: 979ae7667cbd8653281ae987ede03c63f6b078eb4b699ad1cfb4a93e1cf111fd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 780a9ea53ba4cc3ec3838c0ac23432b81ccb980f177868319078a031fe36c793
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7721AC3670EB8181E711AF15E4112A9B762FB84B84F540031DF8C6B7AADF7ED551C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_pop_freeO_freeX509_freeY_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                        • API String ID: 1247630535-349359282
                                                                                                                                                                                                                                        • Opcode ID: f5755b09b89318ab18e6b675f579b07727ee9add9809646d8330ec93d16af2da
                                                                                                                                                                                                                                        • Instruction ID: 401f3da357304b2e2e0f45508a00f34df371d8f5d3c15497f6c848a9afceac51
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5755b09b89318ab18e6b675f579b07727ee9add9809646d8330ec93d16af2da
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50115A36B1EB9182EB10AB24E06416C7365FB85F88F444126EB8D6BB4ACF7ED515C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$L_sk_pop_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                        • API String ID: 1650471521-1527728938
                                                                                                                                                                                                                                        • Opcode ID: 3251803014015385d2075bff66dd4296149d1ff7f5e94831c12b09d1f11c0e7e
                                                                                                                                                                                                                                        • Instruction ID: 93de49db47387f70cf83b6ace659b9f16fa5c5ae96d9a1ae8a592a0f85b85aa4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3251803014015385d2075bff66dd4296149d1ff7f5e94831c12b09d1f11c0e7e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC01B521B1EE53C2EB50BB11F4601A96722EB85B80F845131FA8D6B75BCE6EE245C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: H_retrieve$D_unlockH_deleteH_insert
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4154705611-0
                                                                                                                                                                                                                                        • Opcode ID: b221f1d8a13ea62fa5aa3c5ff967bd8c703da9466c3705d29663cc4d04efa4c0
                                                                                                                                                                                                                                        • Instruction ID: bcf7ff27e8034412dd3c85f072f5a990e52481d914c9f0a8240ab00c646a03c5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b221f1d8a13ea62fa5aa3c5ff967bd8c703da9466c3705d29663cc4d04efa4c0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F351B032B0EB4286EB54BB25A5757B962A2AF44BD4F044030EE0D6BB86DF3EE4548744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2272600717-0
                                                                                                                                                                                                                                        • Opcode ID: c0d37a7d969802c2696921b6023df035fe6085adf50601bf14ed1704c6958bf5
                                                                                                                                                                                                                                        • Instruction ID: b5f5a15483a8c2c0f434366f61fc77262a8e3ca9232f898957edfd45737f2c49
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0d37a7d969802c2696921b6023df035fe6085adf50601bf14ed1704c6958bf5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A331E732B0EF4196DAA5EB19D4653A973A0FB89B44F450031EE0D97356CF3EE455CB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2160744234-1643863364
                                                                                                                                                                                                                                        • Opcode ID: 0251fa3a5f0485deae32d7f1cbf9a865751c3db0ee897ab8b1ab0b7dd044612c
                                                                                                                                                                                                                                        • Instruction ID: e58fd26e0ed29905d6d608ce70a15588fb8b88b22820230470d3316b213fc656
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0251fa3a5f0485deae32d7f1cbf9a865751c3db0ee897ab8b1ab0b7dd044612c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F91B822B0FE9285EB59AF1194243B92792FB44B84F994035DE4C6F786DF7EE445C308
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3962629258-2688732651
                                                                                                                                                                                                                                        • Opcode ID: a39d8f9cce50e3fa7cd7de2006c76d8483267ad204581895d09c9aa271f8a7cd
                                                                                                                                                                                                                                        • Instruction ID: b9e1104c3512a5206e719b168699cebd0f4f79f8003f1fcf17a0a02d8aab5a56
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a39d8f9cce50e3fa7cd7de2006c76d8483267ad204581895d09c9aa271f8a7cd
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0841D332B1EF8082E7019B11F4502A9B3A1FB94780F484231EE9D67B5ADF7DE5918B00
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: M_growO_zallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                        • API String ID: 1461889847-1434567093
                                                                                                                                                                                                                                        • Opcode ID: 8fe107cd4ec4803d42f78376d7db40bd73b43b44112102d226eee46ed19079e9
                                                                                                                                                                                                                                        • Instruction ID: 42295d2e00385997a16b941a3f8834e096351d1b9427b1cab2e0ac4cf9bb3346
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fe107cd4ec4803d42f78376d7db40bd73b43b44112102d226eee46ed19079e9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA419C2270AA45C1DB14DF29E160368A3A1EB88BE8F144235DB6D5B7A9DF7DE494C304
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeY_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1826982404-1507966698
                                                                                                                                                                                                                                        • Opcode ID: 558ae94a635315baac56c6285536accd8de4b342e73c06bacd2d0a9e51899871
                                                                                                                                                                                                                                        • Instruction ID: f7fec992ec70da1f4a63993436664fadc8165178520aaf2e9531a76c31356ebe
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 558ae94a635315baac56c6285536accd8de4b342e73c06bacd2d0a9e51899871
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06316432B0DE4186E720AF11A5606A96752FB88BD4F444534EE4C67B4ADF7FE2458B08
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 2160744234-1080266419
                                                                                                                                                                                                                                        • Opcode ID: acf573b16f5f59d2ced6cf24d5b4e4d3d7304108f6b41a113aa4568fa5535a96
                                                                                                                                                                                                                                        • Instruction ID: 9127a474f5b84c18871b5476435fccffa62b5786b1cc56abc08e057a56f930a2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acf573b16f5f59d2ced6cf24d5b4e4d3d7304108f6b41a113aa4568fa5535a96
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80319A72B0EB4182EA90EF16D46426877A2FB44B80F984432EA4D577A6DF3EE545C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$X_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 306345296-1507966698
                                                                                                                                                                                                                                        • Opcode ID: 314c2f445228bb8b1adbf3ad7e2c34afd9e16736c2917a767060d06c5c7f5a51
                                                                                                                                                                                                                                        • Instruction ID: a2afcaa31573d5f623f9cfef9730881fdf58011535fc7850052c5f302bd714e5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 314c2f445228bb8b1adbf3ad7e2c34afd9e16736c2917a767060d06c5c7f5a51
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB319332B1DA9182E760AB21E52036AA366FB85FC4F044135FF8C57B86CF3ED5518B08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strndup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 2641571835-2418901416
                                                                                                                                                                                                                                        • Opcode ID: 66bf67524eddd76af22c51baa028ccf86c628141b1b34a0980f80f324fd45d4c
                                                                                                                                                                                                                                        • Instruction ID: b2b0ffa4f6b20ff9f41d469b3f7c829edc5e05e07fd0d619ec78b40f9ce7ddcd
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 66bf67524eddd76af22c51baa028ccf86c628141b1b34a0980f80f324fd45d4c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3521D622F1EB8142F750AB25E1106ADA761FB857C4F444531EA8C67B8BEF7EE1908B04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strdup
                                                                                                                                                                                                                                        • String ID: $..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2148955802-2670486660
                                                                                                                                                                                                                                        • Opcode ID: 47d54b2ca0f1143f94bfb6fa4735e0551d84f272c35cf0dd430c25f92e56ec6d
                                                                                                                                                                                                                                        • Instruction ID: f0d6d66268226de7a874193fde047d21675285ce71e51e130cadd70cd7d2c272
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47d54b2ca0f1143f94bfb6fa4735e0551d84f272c35cf0dd430c25f92e56ec6d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6511DF21F1FAC245FB69BA25D16073C6693EB00B84F440838D94D5BB93EF6FE5418708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3040165603-0
                                                                                                                                                                                                                                        • Opcode ID: 02e3106bca2d9657948b932dde4c8a6b42208afe33ef2fb26a6d42091f1fd209
                                                                                                                                                                                                                                        • Instruction ID: 2ee5ceff74c5d19541eb022044b08f1c137a7c3bc139f4ad65f5a94a1d9eda05
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02e3106bca2d9657948b932dde4c8a6b42208afe33ef2fb26a6d42091f1fd209
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D21CF21B0EF8282EA55BA1695652A95292AF84BC0F080030FE5D6BF87CF2DE4158708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3040165603-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2272600717-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_mallocmemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1834057931-592572767
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 2609694610-592572767
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                                        • API String ID: 2609694610-837614940
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memdupR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1048774365-1080266419
                                                                                                                                                                                                                                        • Opcode ID: e249939f23b34751a904c019e4c897b34428223bee61f18797b674b1e3496d14
                                                                                                                                                                                                                                        • Instruction ID: ef15f93f44dd7f08ca3c7db9a5fa19407bf6e1462ab7eb684827b36b0326c937
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e249939f23b34751a904c019e4c897b34428223bee61f18797b674b1e3496d14
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5521B732B0FB4287F7559F15A0207687BA2EF81744F684036C64C67B86DE6EE543C708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 26fded826451c5cb18847f0d3602e16381cccc13c7dc7f12fca5fe93fb282bf9
                                                                                                                                                                                                                                        • Instruction ID: 8d8daa79cd1f9c179941eec54a3a695fcdb8533f9928fb2a9c3e30c61519a254
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26fded826451c5cb18847f0d3602e16381cccc13c7dc7f12fca5fe93fb282bf9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F421C536F1EE9682E7509F10E421BA977A2EB81784F580031EE4C67B96DF2FE1558708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$;
                                                                                                                                                                                                                                        • API String ID: 2011826501-2335744092
                                                                                                                                                                                                                                        • Opcode ID: 7ce9e6b9c61ec13bdf48a3aab52cc31d0664069f5043e64f3e2491065b0b17df
                                                                                                                                                                                                                                        • Instruction ID: a1419621bcf1a29a1e2d6ed50d1f5d6bc0e9f0930d21ff5bf9a52a4bda95a5a3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ce9e6b9c61ec13bdf48a3aab52cc31d0664069f5043e64f3e2491065b0b17df
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8216D26B0DB8285E7909B12D5657A967A2FB45FD4F084131CE4C2BB96CF7AF1418704
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_buffer.c$F
                                                                                                                                                                                                                                        • API String ID: 1457121658-4203526889
                                                                                                                                                                                                                                        • Opcode ID: 9608596487eb7c224e04045e88f6ca7777772f18ebb9df8ebf1d6baa8ada12e1
                                                                                                                                                                                                                                        • Instruction ID: 2aa0c4afb407b4c69d7ad2d111108dcce3ec9f44f7285bede9e648a3c1b5050e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9608596487eb7c224e04045e88f6ca7777772f18ebb9df8ebf1d6baa8ada12e1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F118432B0EB5181E750AB15E91039967A1F788BC4F484135EF8CA7B9ADF3ED551CB08
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                        • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                                        • Opcode ID: 8a8abc6d0e700b064de06c4bb160ab46a5c7ce541b223eb37b9a96861f217c33
                                                                                                                                                                                                                                        • Instruction ID: e9d75bf1ae7e77e60ada3e0a4b57c240a758b53d3e05473e3dbe15c694ca1194
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a8abc6d0e700b064de06c4bb160ab46a5c7ce541b223eb37b9a96861f217c33
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6911E921F0EF8341FB54AB55F160229A652EB447C4F449135EB4D9BB4BDF2EE4D08304
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2148955802-4238427508
                                                                                                                                                                                                                                        • Opcode ID: dbce005ca8ecbe4dbc460e47574457e3250652a3c9971f99bda62403d6ffa458
                                                                                                                                                                                                                                        • Instruction ID: 0c67fa04f411c6b457800dbbfc06efeca85b894665194951169de112f56a1254
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbce005ca8ecbe4dbc460e47574457e3250652a3c9971f99bda62403d6ffa458
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4811E265F1EA8185F7A1BB06D0203B86652BB81B44F440839EACC1B786CE7FE5468B09
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-3973221358
                                                                                                                                                                                                                                        • Opcode ID: 4d076229fde331d21ab54a6eca076cc5ee31880937da190de5e2000299dfdacb
                                                                                                                                                                                                                                        • Instruction ID: 954702a03706e30d8c1255b58c19a76a22a405a17df41c1d3ce4a7ff430aaa96
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d076229fde331d21ab54a6eca076cc5ee31880937da190de5e2000299dfdacb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1801A132B1EE4280E610AF15E550169A322FB44BC4F044032EE4C5B7AADF7ED140C704
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                                        • String ID: C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3962629258-4027224876
                                                                                                                                                                                                                                        • Opcode ID: fe1d6d7df3bfd06936e6262542d8401d650b1da082f1a9573f6aadc62ffb9ace
                                                                                                                                                                                                                                        • Instruction ID: fb5c5de12f7156ed0880e02729f6ea960c11d3a99ed7633e028f0d8c988ced10
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe1d6d7df3bfd06936e6262542d8401d650b1da082f1a9573f6aadc62ffb9ace
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2011E32B1BF9181EB509F11E95025977A5EB99BC0F088031EE9C9BB5ADE3ED550C704
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                                        • String ID: C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3962629258-4027224876
                                                                                                                                                                                                                                        • Opcode ID: 9c14dc29b28ea0d5f9f5ca5ef2779e1e3ecad125374d8381a96db69d761674c3
                                                                                                                                                                                                                                        • Instruction ID: c57467c331960472e6ff84f7d411e10e79443315d7379e6f28b3e27a83a55dc8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c14dc29b28ea0d5f9f5ca5ef2779e1e3ecad125374d8381a96db69d761674c3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15015E3271BF8180EB519F11E8502597765EB98BC0F088031EF8C97B4ADE3ED050C704
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                                        • String ID: C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 3962629258-4027224876
                                                                                                                                                                                                                                        • Opcode ID: 6927f1bce1ccbeff3d43ac14e65fa0964ec2cbbc3aa07f15577e17a63de90b92
                                                                                                                                                                                                                                        • Instruction ID: bc7561c9e93264a69d5379a2cbdb4ff877e23cedb40b3d9f4ae9d106ee4eca8e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6927f1bce1ccbeff3d43ac14e65fa0964ec2cbbc3aa07f15577e17a63de90b92
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8011A3271BF8281EB509F12E9902597765EB98B80F488031EEDCABB5ADE3DD551C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_zallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                        • API String ID: 2718799170-1434567093
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_mallocR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\pqueue.c
                                                                                                                                                                                                                                        • API String ID: 2513334388-354262084
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strndup
                                                                                                                                                                                                                                        • String ID: C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 2641571835-4027224876
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strndup
                                                                                                                                                                                                                                        • String ID: C:\A\39\s\ssl\packet_local.h
                                                                                                                                                                                                                                        • API String ID: 2641571835-4027224876
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2148955802-4238427508
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_unlockD_write_lockH_set_down_load
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3243170206-0
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1643863364
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_malloc
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1457121658-1507966698
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-592572767
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1434567093
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_strdup
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 1296259186-592572767
                                                                                                                                                                                                                                        • Opcode ID: 89087c7b2eac2e522602d4d629cd0fbb80493340d45c1b1e460dbe62b1dc725b
                                                                                                                                                                                                                                        • Instruction ID: 186e012ac613f84056fc9c9b5fab32e05aa603251b0663e33ce0c90f5e3664ad
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89087c7b2eac2e522602d4d629cd0fbb80493340d45c1b1e460dbe62b1dc725b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B21C831B0EE42C5E7609B14E4683BA67A2EB44789F544031DA4C5B7E6CF7ED585CB08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                        • Opcode ID: d33ecc1e1799f807672be2aa22f332126528af49844244dbf7f39d9d3a2c45fb
                                                                                                                                                                                                                                        • Instruction ID: e4db255c246cc74124231a602ee01cfe5268e8c0768a48119437dd49dd5f6687
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d33ecc1e1799f807672be2aa22f332126528af49844244dbf7f39d9d3a2c45fb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BF08911F1E94280EA50B766F5712BD5252DF88BC4F485131FE0D6F787DD1ED4918708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3399405
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA339941B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3399465
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA339947B
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA33994C5
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA339192E: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA33994DB
                                                                                                                                                                                                                                        • CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3396502
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-490761327
                                                                                                                                                                                                                                        • Opcode ID: 4050bb8c107c4b95d7880ac61e94688c2fb719078023b4bdf08510402269bc0e
                                                                                                                                                                                                                                        • Instruction ID: d12ee08a3dbb2a52dbff8dd0f1a63a1cbf7b57caa762f7b9d5217a36d6fd8a2f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4050bb8c107c4b95d7880ac61e94688c2fb719078023b4bdf08510402269bc0e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CF09115F1EA82C0E650BA61D4753F92212EB84B48F440131EE5E6A397CF6ED5518359
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-2721125279
                                                                                                                                                                                                                                        • Opcode ID: 21c9423ff86a3cf6e218cd3bf253a66d56498a21534f7fb3b4bdd38efd7e415f
                                                                                                                                                                                                                                        • Instruction ID: c49eddbb0bf96d51a5ec5077a8dd08f4fa1a92c0a1aa8a32c01522594831ebf2
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21c9423ff86a3cf6e218cd3bf253a66d56498a21534f7fb3b4bdd38efd7e415f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFF0B432B2DA41C0EBA06B10E9A42686366EF48BD0F585030FE4DAB74ADE2ED041C705
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 2011826501-1839494539
                                                                                                                                                                                                                                        • Opcode ID: 604841cf8b4f9380b55591c80177bbf25796181a8a54796f2cd11d2bd44f2b1a
                                                                                                                                                                                                                                        • Instruction ID: c796a7ab613391a59871865b43a29be7f4a08f48221019f0086c430dde5459b8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 604841cf8b4f9380b55591c80177bbf25796181a8a54796f2cd11d2bd44f2b1a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97F06D72B0EB80D0DB40AB69D4993E82361EB49F94F584132DE4D9B362CF2AC097C304
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_get_ex_new_index
                                                                                                                                                                                                                                        • String ID: SSL for verify callback
                                                                                                                                                                                                                                        • API String ID: 3987194240-2900698531
                                                                                                                                                                                                                                        • Opcode ID: 0b4916689d6186a04f4df4f966338f1e684a24e5e5638dfe36d77a8633e9aa8a
                                                                                                                                                                                                                                        • Instruction ID: bfabf8f205e9781eed45c80b7082e83f80cefb8ea33c4b5ddd7646784c3de662
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b4916689d6186a04f4df4f966338f1e684a24e5e5638dfe36d77a8633e9aa8a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76E06D72F0E2018BE311AFE4A861AA632A6BB48314F844139EA4CE6756DE7DA510C608
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                        • Opcode ID: 787722f9c899f8bf05aecc9ce4cdbfd6d9a3861cc02b59f3888d246aae44502f
                                                                                                                                                                                                                                        • Instruction ID: d933e287cd174ae6a6f71a6263013ffcfa5e6c6b256767e5dbd2841707ad60be
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 787722f9c899f8bf05aecc9ce4cdbfd6d9a3861cc02b59f3888d246aae44502f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBE0DF62F0B7008AE360BB58C0683A42222DB48714F580030EA0C9F3C2DFBF8586C744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-4238427508
                                                                                                                                                                                                                                        • Opcode ID: 0201b94214f0b6b7ed365e26ef3df2a54f019ee3c496b8d0f62a48e3b2eb6fa0
                                                                                                                                                                                                                                        • Instruction ID: 9408757b56f11eb6adc2b5f43507e36a9e0bc5db7b790cd3326e1357f61c948b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0201b94214f0b6b7ed365e26ef3df2a54f019ee3c496b8d0f62a48e3b2eb6fa0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8E08626B0DA41C1E700BF25F0402986353E7C0B94F090032DE0C1B756CE7BD096C314
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                        • API String ID: 2581946324-1643863364
                                                                                                                                                                                                                                        • Opcode ID: 0dab6b0fb8dcd467f738e5534e0ebbc86dacce5a833e00eb2560eea860584242
                                                                                                                                                                                                                                        • Instruction ID: a5f456668a82fbd78a0a7275bcccfba79547250760765f7e0613fa42e0fa7104
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0dab6b0fb8dcd467f738e5534e0ebbc86dacce5a833e00eb2560eea860584242
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4D05B15F4FD02D1F5607A9184356B81313DB44740F540031EE0DAF3938D0FE54A970C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                                        • Opcode ID: c23903558191cb7557373101cb1eae0c9d15fbe0dd7047ebe3e8ffe8f5b910f4
                                                                                                                                                                                                                                        • Instruction ID: dfcce3128b811c2d68f5de9bcf368c5bbe00175ca243a178381235d2d4fed0ce
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c23903558191cb7557373101cb1eae0c9d15fbe0dd7047ebe3e8ffe8f5b910f4
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C42108A2B1DBC045DB305778B4266AEA791FB45344F144331E6CC72B96DF2DD1908B08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                                        • Opcode ID: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction ID: 99f98609148f4f6c04dcb6cd0233f9a7e47efe12cb398530d0e27310076d9ca5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACD0A715F0B90281E644B37EC96706802C05B84340FD44034E50DD1792CC0ED4A74604
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                                        • Opcode ID: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction ID: e7f0fedd8be15a4c264df28624c53b0bf6488daee73e3c0c7b15d62e7746010c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CD0A715F4B906C1E644B77AC96606802C05F40740FD44034E50DD5792CC0EC4974604
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                                        • Opcode ID: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction ID: 232b88ac21d2c7c6dbd8818372ffff57ac9d86b09655245547712d5d8c82a082
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5216394779e02bbe230fdeb731896db95e8ba81ebba9e881e704a04cf7002f76
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AD0A916F0B90282E688B37ACAA70A802C0AB80780FD48034F60DD6792CC0EC8A78A04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_run_once
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1403826838-0
                                                                                                                                                                                                                                        • Opcode ID: bf02492a5bea2bb5e6497a7c0f82a0ba45ad7eec737867b18e4cff89ad2b0197
                                                                                                                                                                                                                                        • Instruction ID: d8e36f41cb4dd1d97cf1d58852adaa348980fc50142ec733e1d01dab845cad4e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf02492a5bea2bb5e6497a7c0f82a0ba45ad7eec737867b18e4cff89ad2b0197
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FE08620F0F98396EA54B7A8D87157123926F40310F404535E40DF53D3CD5EE8018708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_run_once
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1403826838-0
                                                                                                                                                                                                                                        • Opcode ID: bef8750931d89e998b78e17547c8f7dc86e35ae7d57acf08731692ab5cd503c8
                                                                                                                                                                                                                                        • Instruction ID: 9b05e649c1b7f1c43e920a5fd629e3de0591e5be9cac02e92f025abd3f5352ef
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bef8750931d89e998b78e17547c8f7dc86e35ae7d57acf08731692ab5cd503c8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CD09E24F0FA4396EA44B7A9D8761B622525F44340F804135E40EE6757DD5EE9468609
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy$D_sizeX_newX_reset$L_cleanseO_ctrl
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic
                                                                                                                                                                                                                                        • API String ID: 804632375-2823458745
                                                                                                                                                                                                                                        • Opcode ID: 558e1a7b0926891228b7f1225072be799924fe7645c47cb30a4068bdf4f5b872
                                                                                                                                                                                                                                        • Instruction ID: ad698fb40ccd1f7d49c1230e33acac3b46ded978ac8bb769e0820c796a9c21d6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 558e1a7b0926891228b7f1225072be799924fe7645c47cb30a4068bdf4f5b872
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79229231B0FF4295EB10EB61E5602A973A6FB44784F800136EA8C6B796DF7EE515CB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_add_error_dataR_clear_errorR_endR_readX509_get_subject_name_errno
                                                                                                                                                                                                                                        • String ID: %s/%s$..\s\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
                                                                                                                                                                                                                                        • API String ID: 1034648778-4291904164
                                                                                                                                                                                                                                        • Opcode ID: 9c88a35cd5603c710caf2fb62f5c65ac277021497a257414fc99eb231fc6249c
                                                                                                                                                                                                                                        • Instruction ID: bc4c5b50688dd2aefdcffd21a8e4443ad8cce0b73cd2cbada89a7ab1f3cee684
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c88a35cd5603c710caf2fb62f5c65ac277021497a257414fc99eb231fc6249c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F718462B1FB8281FA50BB1194342B92352AF85B84F844435EA4D6BB9BDF3EE505C70C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4A32
                                                                                                                                                                                                                                        • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4A3A
                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4A8E
                                                                                                                                                                                                                                        • EVP_sha1.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4A97
                                                                                                                                                                                                                                        • EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4AA5
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4ABD
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4ADC
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B00
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B24
                                                                                                                                                                                                                                        • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B3C
                                                                                                                                                                                                                                        • EVP_md5.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B49
                                                                                                                                                                                                                                        • EVP_DigestInit_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B57
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B76
                                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4B91
                                                                                                                                                                                                                                        • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4BB0
                                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4BD3
                                                                                                                                                                                                                                        • EVP_DigestFinal_ex.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4BFA
                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4C11
                                                                                                                                                                                                                                        • EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4C78
                                                                                                                                                                                                                                        • EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00000000,00000000,00007FFDA33A5391), ref: 00007FFDA33A4C80
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Digest$Update$Final_ex$Init_exX_freeX_new$L_cleanseP_md5P_sha1memcpymemset
                                                                                                                                                                                                                                        • String ID: "$..\s\ssl\s3_enc.c$A
                                                                                                                                                                                                                                        • API String ID: 754518535-4125341915
                                                                                                                                                                                                                                        • Opcode ID: d8852845e7760472fa90d8abda9e01489ec5c3db509807d5362bda70788b9af1
                                                                                                                                                                                                                                        • Instruction ID: 277e65b99582d47ce433c9f5bb5acfef39d8ad26ec5815fd29627aaf4d19b3c5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8852845e7760472fa90d8abda9e01489ec5c3db509807d5362bda70788b9af1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1861E462F0FB8261F750BA12A46577E1682AF45BC4F805431ED4D6B79BDE2FD105C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$E_freeH_freeM_read_bio_O_freeX509X509_free$E_dupH_retrieveL_sk_new_nullL_sk_pop_freeL_sk_pushO_ctrlO_newO_s_fileR_clear_errorR_put_errorX509_get_subject_name
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                        • API String ID: 751231659-349359282
                                                                                                                                                                                                                                        • Opcode ID: 1abed893461186ccab08e5dbee63fb12a69d3f798c0c97593f51d2dd8262678b
                                                                                                                                                                                                                                        • Instruction ID: 35cfcc7428edd7bd1cbc9cd6b9075ffa6ae1228c10d4d66d407f48d8d82479c3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1abed893461186ccab08e5dbee63fb12a69d3f798c0c97593f51d2dd8262678b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97418E22F0FB8245FD55BB1690746B966929F84B80F884430ED0D6FB9BDE6EE405C308
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Digest$Update$Final_exInit_ex$L_cleanseX_freeX_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 3290436633-1839494539
                                                                                                                                                                                                                                        • Opcode ID: 33e58623fb99c19d2e80ecbe71dd48c1ea49df22556a71e82ce42e1bf60cea8d
                                                                                                                                                                                                                                        • Instruction ID: 46504f312e27bb656a7141e44831984de38662b6dc13c65d063761cfc5fff678
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33e58623fb99c19d2e80ecbe71dd48c1ea49df22556a71e82ce42e1bf60cea8d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD51A431F1EB8251E654BB15A9257BA6352AB46BC0F806034EE4D6BB5BDF3ED404C704
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DigestX_mdX_new$D_sizeD_typeFinal_exO_ctrlO_freeUpdateX_copy_exX_ctrlX_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 485953282-1839494539
                                                                                                                                                                                                                                        • Opcode ID: ac6deec5407077ac5fe79f7c232473a1f03290fae7bfddc2dfc851193ff29785
                                                                                                                                                                                                                                        • Instruction ID: 296d9a24862a3a97fc150f02b3266644294102fafc232a38e3586ca3f41d61c9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac6deec5407077ac5fe79f7c232473a1f03290fae7bfddc2dfc851193ff29785
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44619E32F0EB8295E760FA12D4653B92392EB85BC4F444431DE4D6B7AADF2FD0458708
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$X_free$L_sk_numL_sk_valueR_clear_errorX509_verify_certX_get0_chainX_initX_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                        • API String ID: 763122443-2839845709
                                                                                                                                                                                                                                        • Opcode ID: b48f323bb3930d43f480ec8cf23fa2bf609cce212e461ab0a102a758bfd2cb42
                                                                                                                                                                                                                                        • Instruction ID: 328fcceeb58067d6a1f84b34359d001689155f6cd95975654ceb23fec4ecef16
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b48f323bb3930d43f480ec8cf23fa2bf609cce212e461ab0a102a758bfd2cb42
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D510721B0FE5359F660BA62646677A26C26F49FC4F544030DE4C6BB87DE2EE5028308
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                        • Opcode ID: c88c4c3f4731a803fc86b9e04f67e28bdaca25c69aaa478f6faadb816f1c3ed3
                                                                                                                                                                                                                                        • Instruction ID: f8db243d3a20a0aebf9dec78e5cd1bf69003fa0a80f12a0652c2ba447e545ce6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c88c4c3f4731a803fc86b9e04f67e28bdaca25c69aaa478f6faadb816f1c3ed3
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBD1C561B0FE4341EAA4B627956077A6697FF41788F844139CE4EAB397DE3EE4408308
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_ctrl$R_put_errorX_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_enc.c$5$7
                                                                                                                                                                                                                                        • API String ID: 250720567-3625921376
                                                                                                                                                                                                                                        • Opcode ID: 2619aa74e0ff578f39f664eede36bdd1396a9527fe365b0e7b2afbfb8b6819ea
                                                                                                                                                                                                                                        • Instruction ID: 35f80032406eb4eed5bb67acfb1737663bfdf30d28d241681781bf50252a3fa3
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2619aa74e0ff578f39f664eede36bdd1396a9527fe365b0e7b2afbfb8b6819ea
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0161A97170EB8286E730EA16A4107AA7652FB84794F504235EE8C9FBDADF3DD1418B08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$E_free$E_dupL_sk_findL_sk_pushL_sk_set_cmp_funcM_read_bio_O_freeR_clear_errorR_put_errorX509X509_freeX509_get_subject_name
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                        • API String ID: 2219757170-349359282
                                                                                                                                                                                                                                        • Opcode ID: 7f4b34d42c4b10c1d405a69b51b442b60d0d086c11d475eb3bd771e0717693ce
                                                                                                                                                                                                                                        • Instruction ID: 2cb3c80ae1eb117baa70c73b7e156fad98c89c484119ce228d8320f989d44a5d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f4b34d42c4b10c1d405a69b51b442b60d0d086c11d475eb3bd771e0717693ce
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98316122F0FB8241FD54BB6695396BA62539F85B84F840430ED0D6BB9BDE2FE505C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_dupL_sk_freeL_sk_value$L_sk_insertL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3373104257-0
                                                                                                                                                                                                                                        • Opcode ID: a3ead74caf23433c4a1c5c0e7d506c135f103ed17aaf076af2691cb0232225d2
                                                                                                                                                                                                                                        • Instruction ID: 2d83290799ac26da8b6765c9e75347d9c451c463cd412d387210d578fd7f06be
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3ead74caf23433c4a1c5c0e7d506c135f103ed17aaf076af2691cb0232225d2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC21FD11F0FF0340EA55FB66947527A56A6AF86BC4F444031EE4DAB79BDE3ED4418308
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: P_get_cipherbyname$R_flags
                                                                                                                                                                                                                                        • String ID: AES-128-CBC-HMAC-SHA1$AES-128-CBC-HMAC-SHA256$AES-256-CBC-HMAC-SHA1$AES-256-CBC-HMAC-SHA256$RC4-HMAC-MD5
                                                                                                                                                                                                                                        • API String ID: 3190984984-741925770
                                                                                                                                                                                                                                        • Opcode ID: 6f8740cbacc770fa6272c5a404c7f4f8137812341698d6b35d336d35437e062b
                                                                                                                                                                                                                                        • Instruction ID: dc5b84a12c5c59b313d031c8a0cb2521e4c33bbc74ae7ad543155c82eecc5e40
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f8740cbacc770fa6272c5a404c7f4f8137812341698d6b35d336d35437e062b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07814E31F0FF8285FA61FB14D86027D22A2AF15758F514A32D94D6639ADF3FE845C208
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Digest$SignY_new_raw_private_key$FinalInitL_cleanseUpdateX_freeX_newY_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$finished
                                                                                                                                                                                                                                        • API String ID: 2202177965-3224497825
                                                                                                                                                                                                                                        • Opcode ID: bfa7683e5702621685d4fdc208d98d6217d11a6222e38f6a19aad06955668821
                                                                                                                                                                                                                                        • Instruction ID: 3b8a231c88e595e12260c332bb9dbffd06db211836178061011ab344f0ca13f9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfa7683e5702621685d4fdc208d98d6217d11a6222e38f6a19aad06955668821
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5519361B0FF8286E660FB52A5203EAA352FB84780F844031EE4D6BB56CF7DD545C744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 3703036260-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 70053e0306836b7e58aa59e08be65929d62ec7919dd2218014a973baea1c2fb9
                                                                                                                                                                                                                                        • Instruction ID: 1da7fc9cf193259ffdd6c5c3c2a96c3ccb1bb4ac5b0c76d58940e01c4a339ad8
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70053e0306836b7e58aa59e08be65929d62ec7919dd2218014a973baea1c2fb9
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C314E22B0FE0282EA64BF25D1351796362EF44BC4F440535EE5D6B79BDE2EE840C748
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: P_get_curve_nameY_get0_Y_get0_group$A_sizeD_sizeY_get0
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff
                                                                                                                                                                                                                                        • API String ID: 2334240586-1408384096
                                                                                                                                                                                                                                        • Opcode ID: 21efc56513280731609205b3faaf35ad5098e27cae3890c174245a8993cae4d1
                                                                                                                                                                                                                                        • Instruction ID: d03cad874fcd9ff9c5c12490dc5cf3e19edddfe10172406b6b89f41f493ac530
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21efc56513280731609205b3faaf35ad5098e27cae3890c174245a8993cae4d1
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AC1F722B0FF4682EA64EA16916027D7392FB44B94F944135CE0F5B7D2DF3EE4928305
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$X509_get0_pubkey
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2083351937-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 43b53f3200bee010aaf7f59663c1a73a0b1843591ae9a8ba624d5501690e331c
                                                                                                                                                                                                                                        • Instruction ID: dd6c5c54e490970cc341f6c4be59d94dbd2cc25c2109e9987d5d1c30f40434ab
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43b53f3200bee010aaf7f59663c1a73a0b1843591ae9a8ba624d5501690e331c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38415F22B0EE8281EF40EB19E4602BDA761FB98B88F440131EB4D5779AEF7ED545C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,00007FFDA33C1515), ref: 00007FFDA33C2966
                                                                                                                                                                                                                                        • X509_get0_pubkey.LIBCRYPTO-1_1(00000000,00007FFDA33C1515), ref: 00007FFDA33C298F
                                                                                                                                                                                                                                        • ERR_put_error.LIBCRYPTO-1_1(?,?,00000000,00007FFDA33C1515), ref: 00007FFDA33C29B4
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$X509_get0_pubkey
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2083351937-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 884195c7a7da835600f1eee0ad4ebaaadf4e36a5bf3d0ebf67f449453b7181c8
                                                                                                                                                                                                                                        • Instruction ID: c69e56dd9a829ce976e411de65c7f20a101025fea0ccac7ce6c2288dd9ff84cc
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 884195c7a7da835600f1eee0ad4ebaaadf4e36a5bf3d0ebf67f449453b7181c8
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94318422B1EE4281DF00EB25E5602BDA361FB98B88F440231DB4D477AAEE7DD515C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$Y_freeY_newY_set1_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 520254984-4238427508
                                                                                                                                                                                                                                        • Opcode ID: 7dad9a4af01dc5a2cdbbfd88258f79400b1db408e416ebdea66e962741d42c5d
                                                                                                                                                                                                                                        • Instruction ID: 80ce6fc8203e40ce0fa2ac71c71f8fb8ef8428759a5562243e76ff93864ea142
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dad9a4af01dc5a2cdbbfd88258f79400b1db408e416ebdea66e962741d42c5d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3821BB22B0EA9182FB50EB16F0256AD6391FB85B84F440531DE4C6BB9BDF7ED502C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_numL_sk_valueX509_get0_pubkeyX509_get_signature_infoY_security_bits$X509_get_extension_flags
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2769705397-0
                                                                                                                                                                                                                                        • Opcode ID: 33c1153a2ca171baa960d15b73c4ab7fa4c1103a7cea487869cd9c3040c9e254
                                                                                                                                                                                                                                        • Instruction ID: 74abab021abf419ea6da4b6c75b28d5ba06a7a3b9e032ee0e9d4a7d0d3c7761a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33c1153a2ca171baa960d15b73c4ab7fa4c1103a7cea487869cd9c3040c9e254
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D51F822F0FA8246FA74BA2665317BB5282BF85784F844131DD8EAB797DE3ED4018714
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Digest$UpdateX_free$D_sizeFinalR_flagsSignX_cipherX_copyX_mdX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 109953546-0
                                                                                                                                                                                                                                        • Opcode ID: eb4e143af4d4d04d39da5896b20edbf571c66f0854ba8e5a452a9d79286a8332
                                                                                                                                                                                                                                        • Instruction ID: b6ac3db35e94e9de24da71e100461f4cc629f1521f85556f51173e69f1f1a378
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb4e143af4d4d04d39da5896b20edbf571c66f0854ba8e5a452a9d79286a8332
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23619022B0EFC685EB90BF56A4203A96791FB45B84F044431EE8DAB756DF3EE451C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_ctrl$R_flagsX_cipher$O_test_flags
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                                        • API String ID: 307562122-2209325370
                                                                                                                                                                                                                                        • Opcode ID: 1f4e983a24dc06b520c66316fbd4e6bd92d22cc08ded427cdae9f88e928edb8e
                                                                                                                                                                                                                                        • Instruction ID: 90eea3d351469a490b117bd87c918ea6feb421fa7755d90dab5a33c0367accc1
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f4e983a24dc06b520c66316fbd4e6bd92d22cc08ded427cdae9f88e928edb8e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD02A022B0EB82C5EB10AF25D4353B96BA2FB41B88F484135DE4D6779ADF3AD445C708
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c
                                                                                                                                                                                                                                        • API String ID: 0-1853348325
                                                                                                                                                                                                                                        • Opcode ID: 51a6d1f6c84192ea5b206ff27015bb0d73a143f5216482ab533bc11afe5d037f
                                                                                                                                                                                                                                        • Instruction ID: 58b4229f1bdbe9fed9a24cb08b7045205860d681b73373270017cd1213d0cb3b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51a6d1f6c84192ea5b206ff27015bb0d73a143f5216482ab533bc11afe5d037f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EC12162F0EA4286FB60AA62D5703BE2296AB447C8F444531DE4D67F87DF3FD5058708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newO_s_fileR_put_errorX509_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 785824201-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 2600b677ca089214cab760b54ef9a5ed2276e83c04d06c3a8a5b5d2db8fb2803
                                                                                                                                                                                                                                        • Instruction ID: efb2b9eb74d1fc378b854a03262c961e9fe5b4ed69e465b3fa882ff97bf37a62
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2600b677ca089214cab760b54ef9a5ed2276e83c04d06c3a8a5b5d2db8fb2803
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F31DB21F0EBC185F620FA1694246B9A652AF44BC8F444031ED4D2FB97DE3ED5048748
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 22e023790cc8bfa2066f259400ac95bd64eb38a259ea2f28560ae8ea52729c80
                                                                                                                                                                                                                                        • Instruction ID: 7c962ece0f334e190ba8d4f40ec9b844da7a8a677e7a926194b2d0740b85a682
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 22e023790cc8bfa2066f259400ac95bd64eb38a259ea2f28560ae8ea52729c80
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F319721B0EB8286E620BF5695246BEB252FB45784F444131EE4D6BB87DF3EE504C748
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_puts$O_printf
                                                                                                                                                                                                                                        • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                                                                                                                                                                        • API String ID: 4098839300-1878088908
                                                                                                                                                                                                                                        • Opcode ID: 81d08f552ac5021e9d073e94e5971634f2ca62e54a22e041637047fa1638d17c
                                                                                                                                                                                                                                        • Instruction ID: 4598218bc1c3200c53dcd299bd31dbe1a59c6d54b5eb08649a40d6793469b879
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81d08f552ac5021e9d073e94e5971634f2ca62e54a22e041637047fa1638d17c
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA31A422B0EF4299E654BB1999243B8B7A2FF04B80F484130DE0DA6797DF6EE155C208
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: E_dupL_sk_new_reserveL_sk_numL_sk_pushL_sk_valueR_put_errorX509_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                        • API String ID: 2399292771-349359282
                                                                                                                                                                                                                                        • Opcode ID: e9450a67ceb80fbff851e583be58761fc6b891a49fedbbf2b0056d592af0fb7f
                                                                                                                                                                                                                                        • Instruction ID: b5fbcb73979e1ebad8affd0f6c3a1564f08c8fa19e0c6185649c06d5ce53bc2b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9450a67ceb80fbff851e583be58761fc6b891a49fedbbf2b0056d592af0fb7f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C321B622F0FB4686E650FB65A0241BA6362AF45780F840435EA8C6779BDF3EE501C608
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrl$R_flagsX_cipher$D_sizeX_block_sizeX_md
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1400698538-0
                                                                                                                                                                                                                                        • Opcode ID: a0839041493ecec8e1fda1bee684fc38603b6214673b6655dbe64f8be690f05f
                                                                                                                                                                                                                                        • Instruction ID: 0f63ca628755cc22829ef91aa7a83d212fee93fcf224e6c5d9bd7eb0fa5213ff
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a0839041493ecec8e1fda1bee684fc38603b6214673b6655dbe64f8be690f05f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AD1B022B0EBC184DB50AF66D4203B97BE2EB59B44F588136DE8CAB397DE2DD050C315
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4227620691-0
                                                                                                                                                                                                                                        • Opcode ID: 8aed1affb443e8690bbb403bf0adcad2e3c0d32cae46a9709aa529a9e288f9ac
                                                                                                                                                                                                                                        • Instruction ID: b9705e1e1af70b98cec05c568526331369d08269c08e26d0ed34c7ea9c4d7335
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8aed1affb443e8690bbb403bf0adcad2e3c0d32cae46a9709aa529a9e288f9ac
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E212810F0FB8285E954FA62657A2791292AF45BC4F844474EE4D6FB9BEE2EE4018348
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: , value=$..\s\ssl\ssl_conf.c$cmd=
                                                                                                                                                                                                                                        • API String ID: 1767461275-2539137415
                                                                                                                                                                                                                                        • Opcode ID: d9802810e9701a17d34f23dd161e6efe2fa463e8ef9b5250154c4bf1e8837d09
                                                                                                                                                                                                                                        • Instruction ID: 77018ff537414c06e84af6c5879a66aebd4a614ee8e52935f9306856e729c41b
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9802810e9701a17d34f23dd161e6efe2fa463e8ef9b5250154c4bf1e8837d09
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A451A662B0EA0282EB549F15F4603B963A2FB85784F548231DA4C977EBCF7ED594C708
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                                        • String ID: exporter
                                                                                                                                                                                                                                        • API String ID: 3991325671-111224270
                                                                                                                                                                                                                                        • Opcode ID: 2afb9797b33d9297638b93ab6bc16b59a085d698a0f8486970915785abbf129f
                                                                                                                                                                                                                                        • Instruction ID: 3e07cd4be8f6d313c02dad1e16037b72fb8443dc67e16fbfc4b87b49e5f08268
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2afb9797b33d9297638b93ab6bc16b59a085d698a0f8486970915785abbf129f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F841663270EB8145E661AB56F8603ABA396EF897C4F800135EE8D5B75ADE3DD005CB04
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$Y_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2632022502-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 904d5c18ab6bec4cf1d598e462bf0da9adbf6e6a9e3d87eb24d2efa64cfd7623
                                                                                                                                                                                                                                        • Instruction ID: 7d410b25144c5d08184cdb7f7664a5320ed7a1558191ee6c8bd2062b6b5ac880
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 904d5c18ab6bec4cf1d598e462bf0da9adbf6e6a9e3d87eb24d2efa64cfd7623
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77217921B0EA4182EA50FB29F5252FD6352EF857C4F840031EB4C5BB9BDF2ED5558708
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 3681941280-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 947481fc89862dcce42151ede8b2b86fca45220207ba98933243b060594f7a2a
                                                                                                                                                                                                                                        • Instruction ID: 5ac3d3a3afc9a189572a711d883908cfcced710df39187ca853993638f63a6ca
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 947481fc89862dcce42151ede8b2b86fca45220207ba98933243b060594f7a2a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A821A432B0FE4282EA60BF15E4605BE6361EF84B84F540531EA4D6B79BDE2EE445C744
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_int_ctrlO_method_typeO_newO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 123414506-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 389d7474ab13e94a3928c8d2accdf533d185698b9e8d186c9f741816161a22e5
                                                                                                                                                                                                                                        • Instruction ID: 0d05023a0ba484849f6e800a89829850262f034de44e260e1172f26ced7ef42f
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 389d7474ab13e94a3928c8d2accdf533d185698b9e8d186c9f741816161a22e5
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2411A522B0EE4283EB51BF15E4216AD6351AF84B84F580431EE4D6B79BDE6EE4418704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4245524859-0
                                                                                                                                                                                                                                        • Opcode ID: caa0485242f379319f089c10f6b55183d8e8e473915348a91493fba9ed0fc109
                                                                                                                                                                                                                                        • Instruction ID: e2d89df6cacab0defb3a6d3961e28bc4f85badb5c0a740b18e48d998759eee29
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: caa0485242f379319f089c10f6b55183d8e8e473915348a91493fba9ed0fc109
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49210511F0FF5201ED61BB2660652792296AF94FC4F440030ED0E5BB9BEE3EE441C348
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3610643084-0
                                                                                                                                                                                                                                        • Opcode ID: 63ff83e49959672c030703a6d59917a4e0bfbc9d2593323b70730de8b2319a0a
                                                                                                                                                                                                                                        • Instruction ID: a6037a8edff38d5d12d15c7540d144e113d5179fc61d66fbcc2e5492d10eb240
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63ff83e49959672c030703a6d59917a4e0bfbc9d2593323b70730de8b2319a0a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09115E11F0EA1282F605F676507627D12439FCAB80F904031E90E6FB9FDD2EE543828D
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: i2d_$L_sk_numX509_$L_sk_value
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 917959868-592572767
                                                                                                                                                                                                                                        • Opcode ID: 09ba129967b45b137b3bc78a8889e9f4feb98f2521486cf0e6eba5a8b4d9df85
                                                                                                                                                                                                                                        • Instruction ID: 01d151faa2e2d4be7b75f1f665aa08031eb14b0059672016a4ca243ceb9e16af
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09ba129967b45b137b3bc78a8889e9f4feb98f2521486cf0e6eba5a8b4d9df85
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C518761B0EF1281F750B62594302BE5257AF85B84F444131ED4DABB8BDF2FE5568708
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$n
                                                                                                                                                                                                                                        • API String ID: 458078758-706774904
                                                                                                                                                                                                                                        • Opcode ID: 60a04b5d0fc9915d211cffde725024d20eaaec1ed24f9a3a4863b1e9554a6ed7
                                                                                                                                                                                                                                        • Instruction ID: f4e887299e90a16fe4cce2f110de6d61b4c69c0b2f06e9ca98467a70d12eed9a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60a04b5d0fc9915d211cffde725024d20eaaec1ed24f9a3a4863b1e9554a6ed7
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F617F32F0AB4285E790AB25D4A03A92392FB85B44F184031DA4DAB796CF7EE481C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_freeX_new_id
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                        • API String ID: 4103210000-4238427508
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Y_free$H_get0_keyN_bn2binN_num_bitsY_get0_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 2719771601-1507966698
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_freeO_newO_s_fileR_clear_errorR_put_errorX509_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 1025733963-2723262194
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_f_bufferO_int_ctrlO_newO_push
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1655923927-1080266419
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_valueY_id
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 483135270-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_peek_error
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3623038435-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbynameR_block_sizeR_flagsR_iv_length
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4211416117-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$E_dupL_sk_new_nullL_sk_valueX509_
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3273602126-0
                                                                                                                                                                                                                                        • Opcode ID: 384a8e73f91430befa1359a2efc38ed54145c7c9935cd85bac53e2e25b8013fe
                                                                                                                                                                                                                                        • Instruction ID: f3b862e6cc6e8f057f3a07b23660ced465cf38b530a9c9a888928321d68c0a07
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 384a8e73f91430befa1359a2efc38ed54145c7c9935cd85bac53e2e25b8013fe
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B218611B0FF4284EA50FF66556517A6293AF45BC0F844431EE4D5BB8FDE3EE5418708
                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_free$O_new$O_s_connect
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3895418919-0
                                                                                                                                                                                                                                        • Opcode ID: da10eb825e0e563bff94107daed2826ae6c52e92ec16b46751b9dff8eb9b78bb
                                                                                                                                                                                                                                        • Instruction ID: f6fa7401813f887b58b84862d546479811b6568ce0044db81d3e13678d4c8b3c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: da10eb825e0e563bff94107daed2826ae6c52e92ec16b46751b9dff8eb9b78bb
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89114C01F1FB4285F994BA62657627812925F85FC4F480430FD0E2FB9BEE2EE451834C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 0-1507966698
                                                                                                                                                                                                                                        • Opcode ID: 9908c30d386e56c9883aa6bc844b99757b2552e138a8e4e7a3afe7ff44a64411
                                                                                                                                                                                                                                        • Instruction ID: f6f634cf0a6dfe26cf8fe73a03244eab85c335eec37d808849ea679dcb38c394
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9908c30d386e56c9883aa6bc844b99757b2552e138a8e4e7a3afe7ff44a64411
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4071A772B1DB4181EB50DB56E4602AEA3A2EB84BD4F440131DF4D67B9ADF7EE481C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_valueR_add_error_data
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$No ciphers enabled for max supported SSL/TLS version
                                                                                                                                                                                                                                        • API String ID: 2496138956-1190228026
                                                                                                                                                                                                                                        • Opcode ID: 50f1bea0ed3a6b317a5d8ead4486e3ae08a54e01fc6dbb80b8a2b91fe8428c9a
                                                                                                                                                                                                                                        • Instruction ID: 77b5ab448249e646f389da224558b7d611556722622a51961ccda6b055e3e1bb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50f1bea0ed3a6b317a5d8ead4486e3ae08a54e01fc6dbb80b8a2b91fe8428c9a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10610932B0EA4286FB20AB21D5203BA6792EB44BD8F444535DE4D67BD6DF3ED584CB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA33DDC46), ref: 00007FFDA33E0762
                                                                                                                                                                                                                                        • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA33DDC46), ref: 00007FFDA33E077F
                                                                                                                                                                                                                                        • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA33DDC46), ref: 00007FFDA33E079C
                                                                                                                                                                                                                                        • BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA33DDC46), ref: 00007FFDA33E07B5
                                                                                                                                                                                                                                        • X509_get0_pubkey.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA33DDC46), ref: 00007FFDA33E07F4
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: N_bin2bn$X509_get0_pubkey
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 3650846462-1507966698
                                                                                                                                                                                                                                        • Opcode ID: 0edaff1258bc113235132cbb1a5cec1ec2f2be9e8088108892af5dfa69b06281
                                                                                                                                                                                                                                        • Instruction ID: 4f06ea038d5df64f65d88a6f616dc1763edcd15b0bf3ff77ba28dbffc05730ed
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0edaff1258bc113235132cbb1a5cec1ec2f2be9e8088108892af5dfa69b06281
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E761E622F2EF8142E7519B25E81456AB791FB85784F149230FECD26B5AEF3DE1D08B04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_freeL_sk_new_nullL_sk_pop_freeL_sk_push
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c
Similarity
• API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushX509_
• String ID: ..\s\ssl\statem\statem_lib.c
Similarity
• API ID: H_freeN_free$H_newH_set0_pqgY_security_bits
• String ID:
Similarity
• API ID: L_cleanse
• String ID: $ $0$extended master secret$master secret
Similarity
• API ID: J_sn2nid
• String ID: DSA$ECDSA$PSS$RSA$RSA-PSS
                                                                                                                                                                                                                                        • API String ID: 1172147710-2025297953
                                                                                                                                                                                                                                        • Opcode ID: bcac1fb4a63517719ad2f8e1088973882d57c965363db6263953a7008ea55c7d
                                                                                                                                                                                                                                        • Instruction ID: 5921194d1c6aa3b9ef8d660a4df0fd36bf9b29e9219e404a25dffe156b567411
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcac1fb4a63517719ad2f8e1088973882d57c965363db6263953a7008ea55c7d
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE314E32F1EA8195EB55AF15F02167C3BA1E793B80F884031D78E1B787DE6ED5918708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeX_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_put_errorX509_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_push$L_sk_new_nullL_sk_popR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_txt.c
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_get0_pubkeyY_security_bits$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 3342971904-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Y_free$X_ctrlX_freeX_new_idY_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1769623012-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_next$O_free_all$O_up_ref
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 1216991848-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_free
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2268491255-0
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy$ErrorLastO_read
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                                        • API String ID: 1958097105-2209325370
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1603723057-1080266419
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_copy_exX_freeX_new
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$l
                                                                                                                                                                                                                                        • API String ID: 3371474330-3956761411
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlO_freeO_newX_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 3686289451-1839494539
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • EVP_PKEY_id.LIBCRYPTO-1_1(?,00007FFDA33F5A22), ref: 00007FFDA33F7081
                                                                                                                                                                                                                                        • EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1(?,00007FFDA33F5A22), ref: 00007FFDA33F7094
                                                                                                                                                                                                                                        • EC_KEY_get0_group.LIBCRYPTO-1_1(?,00007FFDA33F5A22), ref: 00007FFDA33F709F
                                                                                                                                                                                                                                        • EC_GROUP_method_of.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FFDA33F5A22), ref: 00007FFDA33F70DC
                                                                                                                                                                                                                                        • EC_METHOD_get_field_type.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,00007FFDA33F5A22), ref: 00007FFDA33F70E4
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_get_field_typeP_method_ofY_get0_Y_get0_groupY_id
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2889995728-0
                                                                                                                                                                                                                                        • Opcode ID: 88228880b2ab36d447a833b15d70785aa602bd40f02c6cc12d9c076089c1a719
                                                                                                                                                                                                                                        • Instruction ID: 89834021eeaca93e89abee919155ea3a7057559f7ce23210bddbd34fdb7e56e5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88228880b2ab36d447a833b15d70785aa602bd40f02c6cc12d9c076089c1a719
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C221B621F0FA8342FEA4B61694742B95292EF45BC4F945431EA0DAF787DE1FE4918308
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2231116090-0
                                                                                                                                                                                                                                        • Opcode ID: 06b184e8aff6a4c714648742d40273e4e81439a811fe90e127576b93b642ebe0
                                                                                                                                                                                                                                        • Instruction ID: 1552c3b2ed16ac670982e041500baa210a5e7c31e21e024b795066f6de5575ae
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06b184e8aff6a4c714648742d40273e4e81439a811fe90e127576b93b642ebe0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53016752F0FF8240FED5B655A56937962929F84BD4F480430ED0D5F78BEE1FE8508608
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2231116090-0
                                                                                                                                                                                                                                        • Opcode ID: c7f286bee5a364f93908d0bcaa8bfa495650d35525a56ed554aa8e1fe1420e01
                                                                                                                                                                                                                                        • Instruction ID: abe366a654fa4cf841d25bc0ee3866da41018cd189cf50da566295c209c2a909
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7f286bee5a364f93908d0bcaa8bfa495650d35525a56ed554aa8e1fe1420e01
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45F06252F0FF4240EE99B625A17577952935F44BC4F484430EA0D5B7DBFD2ED8408209
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                        • API String ID: 0-592572767
                                                                                                                                                                                                                                        • Opcode ID: c114874922da18d87b1cd7c059aa9ce40e889d5db5afcf86557e86988debdc2e
                                                                                                                                                                                                                                        • Instruction ID: e0e32dd25cbfa4f93c8a201479de4eab18ce2eb11ba6852e7b3f0f3ea43674ec
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c114874922da18d87b1cd7c059aa9ce40e889d5db5afcf86557e86988debdc2e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65412632B0EF4186E760AB15E4612AE77A2FB84B84F444132DA8C53B97CF7ED151CB08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 1b0a6a83a8de859187cb1d66e66bafa896eac2030360cf3a8a4e332dcf24a572
                                                                                                                                                                                                                                        • Instruction ID: 62355ee05cda504a895c253e47df6e23984bd05bb563b1e52ac0a2a0b262d2b5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b0a6a83a8de859187cb1d66e66bafa896eac2030360cf3a8a4e332dcf24a572
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C031A132B0EB81C2E760EF19E4642A97362FB84B84F544135EA8E677A6CF3ED441C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        • Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: GOST12$IDEA(128)$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-3478822438
                                                                                                                                                                                                                                        • Opcode ID: 0ee7d9c449b57700f6b0122badbb2e63cec583c35b66510a1634b6d141170a85
                                                                                                                                                                                                                                        • Instruction ID: 71baefb85370c6410d179eaefd30b64242193c62e026ab2ec51fe9f772c890fb
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ee7d9c449b57700f6b0122badbb2e63cec583c35b66510a1634b6d141170a85
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20115122F0EFC240E1B5B768A5B80755663BB46750F450932DD8D32BAA8E3FE946D24C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: GOST01$IDEA(128)$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-4064199452
                                                                                                                                                                                                                                        • Opcode ID: 48f00fdf830d84b0e1a6ce7cac081e4e2c3cde34cd2f340040eeb0577445dced
                                                                                                                                                                                                                                        • Instruction ID: 0f135210a43865eceed2547a5ec5d08c5ce6545f231f05c4eceee7f3d7742274
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48f00fdf830d84b0e1a6ce7cac081e4e2c3cde34cd2f340040eeb0577445dced
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3115122F0EFC240E1B5B668A4B80755663BB46750F450932DD8D32BAA8E3FE946D24C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: IDEA(128)$SHA256$any
                                                                                                                                                                                                                                        • API String ID: 3142812517-1956614738
                                                                                                                                                                                                                                        • Opcode ID: 00cce516c7068fc39e7fe38981f1bd0e8e7d18e8ad0c709d4558a1144872ddad
                                                                                                                                                                                                                                        • Instruction ID: a1066ac39e5b59b4c10f70cd5aefcea1f6a734e53dcfe72a55f35ff39b8128ee
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00cce516c7068fc39e7fe38981f1bd0e8e7d18e8ad0c709d4558a1144872ddad
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0115122F0EFC240E1B5B668A4B80755663BB46750F450932DD8D32BAA8E3FE946D24C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: DSS$IDEA(128)$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-3841199953
                                                                                                                                                                                                                                        • Opcode ID: f59b9cddd3d554ae8c123d9a0cb69be6731b7505dc93b55a2ea8e232922a2f7b
                                                                                                                                                                                                                                        • Instruction ID: 61f4297f838cb832e2cc7f797dc2b4c666ac38f253c76dfca239bfaef935d9ff
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f59b9cddd3d554ae8c123d9a0cb69be6731b7505dc93b55a2ea8e232922a2f7b
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40115432F0EFC240F1B5B664A4B80755663BB46750F450932DD8D32BAA8E3FE945D24C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: IDEA(128)$PSK$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-1637006702
                                                                                                                                                                                                                                        • Opcode ID: cc1f448825adac184fd75aabf026ca9b88f3cd33f692c95f3bf97e13c86ae02a
                                                                                                                                                                                                                                        • Instruction ID: 8271add70cf6d3ca7270b10a9b4e50251a5a4ebeda0208722b3feab0c0745c71
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc1f448825adac184fd75aabf026ca9b88f3cd33f692c95f3bf97e13c86ae02a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8115422F0EFC240E1B5B664A4B80755663BB46750F450932DD8D32BAA8E3FE945D24C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: ECDSA$IDEA(128)$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-1715931570
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: IDEA(128)$SHA256$SRP
                                                                                                                                                                                                                                        • API String ID: 3142812517-1647395391
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$X509_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 4102096802-2723262194
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushX509_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c
                                                                                                                                                                                                                                        • API String ID: 3595667005-2839845709
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 3703036260-1080266419
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$E_finish
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_numL_sk_valueR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: PrivateR_put_errorY_freed2i_
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error$L_sk_freeL_sk_new_nullstrchrstrncmp
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_srtp.c$H
                                                                                                                                                                                                                                        • API String ID: 767303460-1001428523
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: C_curve_nist2nidJ_ln2nidJ_sn2nidmemcpy
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 722349470-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM
                                                                                                                                                                                                                                        • API String ID: 3510742995-484036895
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Calc_D_priv_bytesL_cleanseN_bin2bn
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4178199679-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 280995463-0
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: L_sk_free$F_parse_listL_sk_new_null
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4265814531-0
                                                                                                                                                                                                                                        • Opcode ID: ba9ce2c0aaabc28efa49240988bee899b5cbb54f3b6881b921706af106475906
                                                                                                                                                                                                                                        • Instruction ID: 276a041015212d86e05048753c1c7c6f50dbed0a6a803c5f5811a7d6cbcf3da5
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba9ce2c0aaabc28efa49240988bee899b5cbb54f3b6881b921706af106475906
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07017121F0EF9281E751BB16F4202696361AF45780F484431EF8C677ABDE3ED851C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_free$DigestInit_exX_new
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 4262507187-0
                                                                                                                                                                                                                                        • Opcode ID: f9a86801ca1aed203a35bd588d698204f26786af8f78feeedb783c8f94ff1484
                                                                                                                                                                                                                                        • Instruction ID: 418e40f23163bbde114cb8cebaf356680c3ef3a864d6fa21dc80782c01656b0d
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9a86801ca1aed203a35bd588d698204f26786af8f78feeedb783c8f94ff1484
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDF04422F1EF4180EB91BB79F56536952929F48BC4F445031EE4C9B79BDE2DD4408705
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_free
                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                        • API String ID: 2268491255-0
                                                                                                                                                                                                                                        • Opcode ID: a3fc34807825a5f8c45eb61554d49c1479a83379d266a00b577f7af77c1c2c0a
                                                                                                                                                                                                                                        • Instruction ID: 19e1e5701007d9c834f8d027c75bf00eeb30950a41e612f9e96867525e306f5a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3fc34807825a5f8c45eb61554d49c1479a83379d266a00b577f7af77c1c2c0a
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F03672B0EA4180E794BF65D5643B9A355DF80B44F580135EB4D5F757CE2690508229
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_new$R_flagsR_key_lengthX_freeX_reset
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_enc.c
                                                                                                                                                                                                                                        • API String ID: 3297287953-4043206075
                                                                                                                                                                                                                                        • Opcode ID: 3bd6d2d28c7a41e88e9bdf29ed0b0b031f6b93dae10a4ee1d64ac48b61571139
                                                                                                                                                                                                                                        • Instruction ID: 7816b0181bd415bb9614dd9d1c4f43bdb5850f179028e9a95d35e8638b72aa3e
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bd6d2d28c7a41e88e9bdf29ed0b0b031f6b93dae10a4ee1d64ac48b61571139
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1131FE3670BB41C6E790AB26E8617A937A1FB48B48F488135EE0C8B391DF3AD485C714
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140 ref: 00007FFDA33E22E7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA33E0EC7
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA33E0ECF
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA33E0EE1
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA33E0EE9
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA33E0F02
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA33E0F0A
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FFDA33E0F20
                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3391267: BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA33E0F9B
                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA33E2417
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlR_flagsX_cipher$D_sizeX_block_sizeX_mdmemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                        • API String ID: 1483294773-3140652063
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrl
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                        • API String ID: 3605655398-490761327
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_ctrlmemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                        • API String ID: 2266715306-3140652063
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-2723262194
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                        • API String ID: 3946675294-1507966698
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: D_bytes_time64
                                                                                                                                                                                                                                        • String ID: DOWNGRD
                                                                                                                                                                                                                                        • API String ID: 3543108242-2922851170
                                                                                                                                                                                                                                        • Opcode ID: ac61183ac94fb41d2930333c269051c16caa49c2fb30034472d99f313297ded0
                                                                                                                                                                                                                                        • Instruction ID: c42db453e154c9d90a86b0a3058c4086712e652797428e546901b433876bc63c
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac61183ac94fb41d2930333c269051c16caa49c2fb30034472d99f313297ded0
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0221C922F0DA8283FB5CA725E57107D6692EB94340F484438DB4E9B792DE6EE860C704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 3946675294-348624464
                                                                                                                                                                                                                                        • Opcode ID: caaaf6de2a72a09f445eb53090457139a3b9b5a6dbd436d9ee0ec4dbf6b02860
                                                                                                                                                                                                                                        • Instruction ID: 8fc41600ffeab25eba853c38419b024be93b04cdfb5a610fda9ce6639522add9
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: caaaf6de2a72a09f445eb53090457139a3b9b5a6dbd436d9ee0ec4dbf6b02860
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A21D121B0EA4186E752AB15D4A47BC27D2EF88748FA44036EA8C97793CF7ED145C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ($..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1617307452
                                                                                                                                                                                                                                        • Opcode ID: 51bab0d6b50df40cc1a40c8f817d29ce02ce7dd77ce4aa1778e18f7ea270fb3f
                                                                                                                                                                                                                                        • Instruction ID: be4bdc9468660846e73f25ecc8e926c9ea788dee87495cbcfbdcfc505cfa1dab
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51bab0d6b50df40cc1a40c8f817d29ce02ce7dd77ce4aa1778e18f7ea270fb3f
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5121A27270EF4285E720AF14E4143AD66A1EB48798F181636EB5C9B7DACF3ED5418B08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                        • API String ID: 3946675294-348624464
                                                                                                                                                                                                                                        • Opcode ID: 8ace9d13711fa439dad88855eea88bb30301a770df919f0de99dc793be449ac2
                                                                                                                                                                                                                                        • Instruction ID: 6a66456520150a9917e9b372e840ac125eda89619035f5b30036bf4a7a3ec396
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ace9d13711fa439dad88855eea88bb30301a770df919f0de99dc793be449ac2
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF218B32F0EA4686FB52AB15D4647AC27D2EF85340F944038DA4D1B79ADF7ED445CB08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: C_get_current_jobR_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 4281227279-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 3ef0d370201021906945eca62cf524fb2027a15679a30733b09946cd0a50bfec
                                                                                                                                                                                                                                        • Instruction ID: a737256d713ca6e52a4ac1bc5dc70366db492ae6527b69c438606bd1a554786a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ef0d370201021906945eca62cf524fb2027a15679a30733b09946cd0a50bfec
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D215132B0EA4686E750EF25E5212AD2392EF84B84F481131EF5D67397DF3DD445CA04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_errormemcpy
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1385177007-1080266419
                                                                                                                                                                                                                                        • Opcode ID: eaaaa63b50c14f0595753ff511f807b9080da85bf6da4627cc2f5fd20a7fd727
                                                                                                                                                                                                                                        • Instruction ID: e20d7d215967567aa811efda55ebd8f454835780deb3458a2f487403774d0402
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eaaaa63b50c14f0595753ff511f807b9080da85bf6da4627cc2f5fd20a7fd727
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F21C672B09A8192D794EF26E4603AC73A1FB44B84F444035DF5D9B396DF39E8918714
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        • ERR_put_error.LIBCRYPTO-1_1(?,?,?,?,?,?,00007FFDA33B9DB9), ref: 00007FFDA33BE95D
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 3511bef639becf2eb8f30ba02c1f347fbe8a85f3a364bd56e643b1f1796df35e
                                                                                                                                                                                                                                        • Instruction ID: 2428503b8fb9e36ee79123562dbd674c1edf3e91e94be8e5b5124a66edb405a6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3511bef639becf2eb8f30ba02c1f347fbe8a85f3a364bd56e643b1f1796df35e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15218C32B0EB8186E750AF19F4542A97761FB84B84F184136EE9D577AACF3ED005C604
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_msg.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-424620239
                                                                                                                                                                                                                                        • Opcode ID: 5de424e7a538f6ddf2f3688829e703897af8181ca24363d0d1577822cb3d9344
                                                                                                                                                                                                                                        • Instruction ID: 7cd6a2331d7574bb5d55cec85a4780b5bb118065853337cf388055427fbde54a
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5de424e7a538f6ddf2f3688829e703897af8181ca24363d0d1577822cb3d9344
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A115121F1EA46C2F220AB51E8202796362EF85B90F544131EE9C6B7DBDF3ED5408A08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                                                        • String ID: IDEA(128)$SHA256
                                                                                                                                                                                                                                        • API String ID: 3142812517-2727354722
                                                                                                                                                                                                                                        • Opcode ID: 243d50c8bfbcd816627c628de88ce4573339dec267df31332d60ae5088eff3de
                                                                                                                                                                                                                                        • Instruction ID: ae546b3b38224a289b91dfb6bf43d6d1140475b582f578b5083765a8408c3906
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 243d50c8bfbcd816627c628de88ce4573339dec267df31332d60ae5088eff3de
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82116322F0EFC240E1B5B668A4B80755663BB46750F450932DD8D32BAA8E3FE946D24C
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                        • String ID: -
                                                                                                                                                                                                                                        • API String ID: 0-2547889144
                                                                                                                                                                                                                                        • Opcode ID: 8677349fbc09ba15fed19dea9b386fa4c2ef1b0d2a3f9eb1a8f44694d0af84ff
                                                                                                                                                                                                                                        • Instruction ID: d4509b148ac3352a9cdd40657fa46e02992be0e3a129bc9b29bd67251d1ed293
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8677349fbc09ba15fed19dea9b386fa4c2ef1b0d2a3f9eb1a8f44694d0af84ff
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6114272B0D54186EB809F1AE06436C23A2E745B98F544435CB0D5B38BEE3FD4998B04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 8edf94b06bfb40fd761c651a599a7fa49fb75ddfdf1ee2bb913106bd9441291e
                                                                                                                                                                                                                                        • Instruction ID: 5f322ff417b736163b9819ee91b0e34a4b6b2371abce149c18cffd8bd7a25bc6
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8edf94b06bfb40fd761c651a599a7fa49fb75ddfdf1ee2bb913106bd9441291e
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7117075F0EA4297F750AB60D4223B92296AF45300F444034EA1CAA7D6EF3EEA41C71C
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: DigestO_writeUpdate
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                        • API String ID: 1267058251-1839494539
                                                                                                                                                                                                                                        • Opcode ID: 0c321f4d1d2e285ec5e7cccce01f789661438dcc77b8e3da1ce5419385376529
                                                                                                                                                                                                                                        • Instruction ID: b7642fb41914a1434ca100849a3da115f7c3a1edbbab645455bec96abb03c517
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c321f4d1d2e285ec5e7cccce01f789661438dcc77b8e3da1ce5419385376529
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC11E332F0EA8195FB60BB10E4613BD26A1EB84784F144531EA4CAB79ADE2FD5428708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-2723262194
                                                                                                                                                                                                                                        • Opcode ID: d03c514649e60af05edf545ae6665b69f9c7940923fd1d69c81d18646e6b0c40
                                                                                                                                                                                                                                        • Instruction ID: 51fe417f2b70d2c77fae5cafd421cb690d147f6f980f33150df35c2475af8972
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d03c514649e60af05edf545ae6665b69f9c7940923fd1d69c81d18646e6b0c40
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01E571B0DA4286EB90EB25E4242AAA362FB887C4F444130EB4C87797DF7ED5058A08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: X_copy_ex
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$~
                                                                                                                                                                                                                                        • API String ID: 774438373-2468549520
                                                                                                                                                                                                                                        • Opcode ID: 1ab779c8647becf1c284e40c068d787b55464d510c0f56fc47606ae226849998
                                                                                                                                                                                                                                        • Instruction ID: 4bc184160f79271bdbbc060dfbb5a0e4ffdf3872a3cb1feb5df832f7ec0e0bba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ab779c8647becf1c284e40c068d787b55464d510c0f56fc47606ae226849998
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2301D875F1FA0185F760A721E8243AE6391EB48754F544130DE4C9A796DF2ED6D2CB08
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: d7a71eaaf30663d8327f05478f771699e1542acaec8be72eabf37f7002e54e94
                                                                                                                                                                                                                                        • Instruction ID: f951f8d45353cf4744fa2c817785561a6653e16392b713b82a142bffbb5bb490
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7a71eaaf30663d8327f05478f771699e1542acaec8be72eabf37f7002e54e94
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08017572F0EA4586F750AB55C4247993791FB40744F408135D64C9B7E6CFBED586CB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
• Associated: 00000003.00000002.2501460476.00007FFDA3390000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501506837.00007FFDA3403000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501646076.00007FFDA3405000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501696029.00007FFDA3428000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501743804.00007FFDA342C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA342D000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA3433000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000003.00000002.2501786415.00007FFDA343A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ffda3390000_file.jbxd
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                        • Opcode ID: 44c050a7085955b3d7ab184d4cc8923d6b53a575257d83f1cda96001529966fc
                                                                                                                                                                                                                                        • Instruction ID: 042e8bcdb856a65f81704720b10161b442103d4b0f05a04a7df25ae7c2b34a04
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44c050a7085955b3d7ab184d4cc8923d6b53a575257d83f1cda96001529966fc
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22015262B0EA41C6F390AF54D4147993691FB40744F504134DA4C9A7E6CFBED58ACB04
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_errorY_free
                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                        • API String ID: 3485142574-2723262194
                                                                                                                                                                                                                                        • Opcode ID: 6e8cda1a65894cad322193696794da91d794b3f129126579d3bf83410ac8c375
                                                                                                                                                                                                                                        • Instruction ID: 55a82d9a556f315eaf622c18f018bb039c468f3434b85abe5dfc38f0f0964ed4
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e8cda1a65894cad322193696794da91d794b3f129126579d3bf83410ac8c375
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2601DB22B0EA4141EB40E725F5541AEA392EF887C4F844030EB4C5BB9BDF7DD404C708
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: Time$System$File
                                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                                        • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                                        • Opcode ID: ba21af08029e37863dc307e495def67eba760d40ebbd68e1291f13320705a910
                                                                                                                                                                                                                                        • Instruction ID: 93c2cf234ac3b7c7447974642b7f04debcb8264a39be14117df96e154d787bba
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba21af08029e37863dc307e495def67eba760d40ebbd68e1291f13320705a910
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3017BA2F1894582DF60DF35F81115463A1E7CC784B009031FB8DDB72AEE2CC5018700
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                                        • API String ID: 3946675294-1997036262
                                                                                                                                                                                                                                        • Opcode ID: 025dde00dc59940e858e5729845b5da4c126934ab4d643351d4320c4219254ed
                                                                                                                                                                                                                                        • Instruction ID: d1a163313e753e72ef22d5728a31a48fc112dcb3f7c28131ee81a0d1d6400a96
                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 025dde00dc59940e858e5729845b5da4c126934ab4d643351d4320c4219254ed
                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34F06222B0DA4185EB41AF16E06536C2392A785B88F544034DE4D5F78BEE3EC4898704
                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                        • API ID: R_put_error
                                                                                                                                                                                                                                        • String ID: +$..\s\ssl\pqueue.c
                                                                                                                                                                                                                                        • API String ID: 1767461275-3697747608
Memory Dump Source
• Source File: 00000003.00000002.2501506837.00007FFDA3391000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA3390000, based on PE: true
Similarity
• API ID: R_put_error
• String ID: ..\s\ssl\s3_lib.c$m
• API String ID: 1767461275-297842231